Job Description
Main Responsibilities:
Maintain cloud cybersecurity risk cartography :
1. Follow-up data quality and comprehensiveness in cloud assets referential (Cloud Register) and cloud risks referential (cloud risks in the Risk Register) in ServiceNow tooling
2. Build, improve and provide risk reportings templates using ServiceNow or an external tool (such as Tableau)
3. Provide periodic cloud risk reportings
4. Active role in the preparation of quarterly cloud risk committees
Risk assessments:
5. Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and impacts of remediations plans progresses on risks.
6. Skills to follow up/challenge remediation plans implemented by service providers or entities.
7. Contribute actively in risk assessments of cloud platforms and cloud applications.
8. Ideally, skills to lead risk assessments following on ISO 27005/EBIOS Risk Manager methods.
Other activities:
9. Contribute in (cloud) third parties onboarding studies (risk assessment, review of cases studies, …)
10. Contribute to governance/organization topics on third party cases.
11. Contribute to governance/organization topics related to the team.
12. Contribute to follow-up of third-party governance in run
Technical skills:
13. Certification ISO 27001
14. Certification ISO 27005 Risk Manager and/or EBIOS Risk Manager
15. Knowledge of a risk management tool such as ServiceNow or reporting tool such as Tableau
16. Knowledge on Cloud specific Cyber Security (such as SOC2, CSA, ISO27017)
17. Knowledge on Cyber Security control frameworks (such as NIST, CIS)
18. Knowledge in project management
19. English (Mandatory)
20. French (nice to have)