P Location: Lisbon/Oporto p About the Role /pp The Group Cloud Chief Information Security Officer (CISO) team is responsible for safeguarding the cybersecurity and resilience of all cloud-based assets across the Group.
This includes all cloud service models (IaaS, PaaS and SaaS) and third-party software deployed across major cloud providers such as IBM Cloud, Microsoft Azure, Amazon Web Services and Google Cloud Platform.
/pp We are now looking for a Cloud Cyber Risk Analyst Third-Party Risk Manager to play a key role in strengthening our cloud security posture and managing cyber risks associated with SaaS and third-party ecosystems.
/pp Key Responsibilities /pp You will actively contribute to the two core missions of the Cloud CISO team: /pp1.
Cloud Security Perimeter – SaaS Third-Party Risk /pulli Take an active role in cloud third-party onboarding activities, including risk assessments and case reviews /lili Contribute to third-party cybersecurity governance design and operating models /lili Ensure effective monitoring and follow-up of third-party cybersecurity governance over time /lili Participate in and contribute to governance committees on third-party and SaaS-related cases /li /ulp2.
Cyber Risk Assessments – Cloud Maturity Assurance (CMAT) /pulli Review and understand existing cyber risk assessments (based on ISO ***** and EBIOS Risk Manager) /lili Assess the impact of remediation plans and mitigation progress on overall risk levels /lili Challenge and follow up on remediation actions implemented by service providers or internal entities /lili Actively contribute to risk assessments of cloud platforms and cloud-based applications /li /ulp3.
Additional Contributions /pulli Support the maintenance of cloud cybersecurity risk data in relevant tools and repositories /lili Contribute to broader governance and organisational initiatives within the Cloud CISO team /lili Support cloud risk mapping activities when required /li /ulp Collaboration Environment /pp You will work closely with: /pulli The Cloud CISO team based in Paris /lili An IT Risk Analyst – Cloud based in Portugal /li /ulp This role offers strong exposure to international stakeholders, strategic decision-making, and complex cloud environments.
/pp Required Experience Technical Skills /pulli Minimum 5 years#39; experience in cybersecurity /lili(ISO ***** Lead Implementor or Lead Auditor certification is highly valued) /lili Strong knowledge of risk management methodologies, including ISO ***** and/or EBIOS Risk Manager /lili(certifications are a plus) /lili Experience with third-party and SaaS-related risk management /lili Knowledge of cloud security standards and frameworks such as SOC 2, CSA, ISO ***** /lili Familiarity with cybersecurity control frameworks (e.g. NIST, CIS) /lili Project management knowledge is an advantage /lili Excellent written and verbal communication skills /lili Strong collaboration skills and the ability to convey complex security topics clearly /li /ulp Language Skills /pulli English: Fluent / Full professional proficiency /lili French: Basic knowledge (nice to have) /li /ulp Key Soft Skills /pulli Strong ability to influence decisions without formal authority, particularly on security topics /lili Pragmatic decision-making in fast-changing environments, aligned with strategic objectives /lili Highly analytical mindset with strong critical thinking and problem-solving skills /li /ul /p