Location: Lisbon/Oporto
About the Role
TheGroup Cloud Chief Information Security Officer (CISO) teamis responsible for safeguarding the cybersecurity and resilience of all cloud-based assets across the Group.
This includes all cloud service models (IaaS, PaaS and SaaS) and third-party software deployed across major cloud providers such asIBM Cloud, Microsoft Azure, Amazon Web Services and Google Cloud Platform.
We are now looking for aCloud Cyber Risk Analyst & Third-Party Risk Managerto play a key role in strengthening our cloud security posture and managing cyber risks associated with SaaS and third-party ecosystems.
Key Responsibilities
You will actively contribute to the two core missions of the Cloud CISO team:
1. Cloud Security Perimeter – SaaS & Third-Party Risk
Take an active role incloud third-party onboarding activities, including risk assessments and case reviews
Contribute tothird-party cybersecurity governancedesign and operating models
Ensure effectivemonitoring and follow-up of third-party cybersecurity governanceover time
Participate in and contribute togovernance committeeson third-party and SaaS-related cases
2. Cyber Risk Assessments – Cloud Maturity Assurance (CMAT)
Review and understand existingcyber risk assessments(based onISO ***** and EBIOS Risk Manager)
Assess the impact ofremediation plans and mitigation progresson overall risk levels
Challenge and follow up onremediation actionsimplemented by service providers or internal entities
Actively contribute torisk assessments of cloud platforms and cloud-based applications
3. Additional Contributions
Support the maintenance ofcloud cybersecurity risk datain relevant tools and repositories
Contribute to broadergovernance and organisational initiativeswithin the Cloud CISO team
Support cloud risk mapping activities when required
Collaboration & Environment
You will work closely with:
TheCloud CISO team based in Paris
AnIT Risk Analyst – Cloud based in Portugal
This role offers strong exposure tointernational stakeholders, strategic decision-making, and complex cloud environments.
Required Experience & Technical Skills
Minimum 5 years' experience in cybersecurity
(ISO ***** Lead Implementor or Lead Auditor certification is highly valued)
Strong knowledge ofrisk management methodologies, includingISO ***** and/or EBIOS Risk Manager
(certifications are a plus)
Experience withthird-party and SaaS-related risk management
Knowledge ofcloud security standards and frameworkssuch asSOC 2, CSA, ISO *****
Familiarity withcybersecurity control frameworks(e.g.NIST, CIS)
Project management knowledge is an advantage
Excellentwritten and verbal communication skills
Strong collaboration skills and the ability to convey complex security topics clearly
Language Skills
English:Fluent / Full professional proficiency
French:Basic knowledge (nice to have)
Key Soft Skills
Strong ability toinfluence decisions without formal authority, particularly on security topics
Pragmatic decision-making in fast-changing environments, aligned with strategic objectives
Highly analytical mindset withstrong critical thinking and problem-solving skills