Location: Lisbon/Oporto

About the Role

The Group Cloud Chief Information Security Officer (CISO) team is responsible for safeguarding the cybersecurity and resilience of all cloud-based assets across the Group. This includes all cloud service models (IaaS, PaaS and SaaS) and third-party software deployed across major cloud providers such as IBM Cloud, Microsoft Azure, Amazon Web Services and Google Cloud Platform.

We are now looking for a Cloud Cyber Risk Analyst & Third-Party Risk Manager to play a key role in strengthening our cloud security posture and managing cyber risks associated with SaaS and third-party ecosystems.

Key Responsibilities

You will actively contribute to the two core missions of the Cloud CISO team:

1. Cloud Security Perimeter – SaaS & Third-Party Risk
- Take an active role in cloud third-party onboarding activities, including risk assessments and case reviews
- Contribute to third-party cybersecurity governance design and operating models
- Ensure effective monitoring and follow-up of third-party cybersecurity governance over time
- Participate in and contribute to governance committees on third-party and SaaS-related cases

2. Cyber Risk Assessments – Cloud Maturity Assurance (CMAT)
- Review and understand existing cyber risk assessments (based on ISO ***** and EBIOS Risk Manager)
- Assess the impact of remediation plans and mitigation progress on overall risk levels
- Challenge and follow up on remediation actions implemented by service providers or internal entities
- Actively contribute to risk assessments of cloud platforms and cloud-based applications

3. Additional Contributions
- Support the maintenance of cloud cybersecurity risk data in relevant tools and repositories
- Contribute to broader governance and organisational initiatives within the Cloud CISO team
- Support cloud risk mapping activities when required

Collaboration & Environment

You will work closely with:
- The Cloud CISO team based in Paris
- An IT Risk Analyst – Cloud based in Portugal

This role offers strong exposure to international stakeholders, strategic decision-making, and complex cloud environments.

Required Experience & Technical Skills
- Minimum 5 years' experience in cybersecurity (ISO ***** Lead Implementor or Lead Auditor certification is highly valued)
- Strong knowledge of risk management methodologies, including ISO ***** and/or EBIOS Risk Manager (certifications are a plus)
- Experience with third-party and SaaS-related risk management
- Knowledge of cloud security standards and frameworks such as SOC 2, CSA, ISO *****
- Familiarity with cybersecurity control frameworks (e.g. NIST, CIS)
- Project management knowledge is an advantage
- Excellent written and verbal communication skills
- Strong collaboration skills and the ability to convey complex security topics clearly

Language Skills
- English: Fluent / Full professional proficiency
- French: Basic knowledge (nice to have)

Key Soft Skills
- Strong ability to influence decisions without formal authority, particularly on security topics
- Pragmatic decision-making in fast-changing environments, aligned with strategic objectives
- Highly analytical mindset with strong critical thinking and problem-solving skills