Location: Lisbon/Oporto

About the Role

The Group Cloud Chief Information Security Officer (CISO) team is responsible for safeguarding the cybersecurity and resilience of all cloud-based assets across the Group.
This includes all cloud service models (IaaS, PaaS and SaaS) and third-party software deployed across major cloud providers such as IBM Cloud, Microsoft Azure, Amazon Web Services and Google Cloud Platform.
We are now looking for a Cloud Cyber Risk Analyst & Third-Party Risk Manager to play a key role in strengthening our cloud security posture and managing cyber risks associated with SaaS and third-party ecosystems.

Key Responsibilities

You will actively contribute to the two core missions of the Cloud CISO team:

1. Cloud Security Perimeter – SaaS & Third-Party Risk
   - Take an active role in cloud third-party onboarding activities, including risk assessments and case reviews
   - Contribute to third-party cybersecurity governance design and operating models
   - Ensure effective monitoring and follow-up of third-party cybersecurity governance over time
   - Participate in and contribute to governance committees on third-party and SaaS-related cases

2. Cyber Risk Assessments – Cloud Maturity Assurance (CMAT)
   - Review and understand existing cyber risk assessments (based on ISO ***** and EBIOS Risk Manager)
   - Assess the impact of remediation plans and mitigation progress on overall risk levels
   - Challenge and follow up on remediation actions implemented by service providers or internal entities
   - Actively contribute to risk assessments of cloud platforms and cloud-based applications

3. Additional Contributions
   - Support the maintenance of cloud cybersecurity risk data in relevant tools and repositories
   - Contribute to broader governance and organisational initiatives within the Cloud CISO team
   - Support cloud risk mapping activities when required

Collaboration & Environment

You will work closely with:
- The Cloud CISO team based in Paris
- An IT Risk Analyst – Cloud based in Portugal

This role offers strong exposure to international stakeholders, strategic decision-making, and complex cloud environments.

Required Experience & Technical Skills

- Minimum 5 years' experience in cybersecurity (ISO ***** Lead Implementor or Lead Auditor certification is highly valued)
- Strong knowledge of risk management methodologies, including ISO ***** and/or EBIOS Risk Manager (certifications are a plus)
- Experience with third-party and SaaS-related risk management
- Knowledge of cloud security standards and frameworks such as SOC 2, CSA, ISO *****
- Familiarity with cybersecurity control frameworks (e.g. NIST, CIS)
- Project management knowledge is an advantage
- Excellent written and verbal communication skills
- Strong collaboration skills and the ability to convey complex security topics clearly

Language Skills

- English: Fluent / Full professional proficiency
- French: Basic knowledge (nice to have)

Key Soft Skills

- Strong ability to influence decisions without formal authority, particularly on security topics
- Pragmatic decision-making in fast-changing environments, aligned with strategic objectives
- Highly analytical mindset with strong critical thinking and problem-solving skills