CyberSecurity Governance Risk and Compliance Junior Consultant
Ref : 251006R001-
Start date: ASAP
Location: 92400 COURBEVOIE
Duration: 20 months
Profile: Consultant
Position : CyberSecurity Governance Risk and Compliance Junior Consultant
Organization
• Function : Legal/Risk Management
• Country : France
• Location : Paris, with occasional travel
• Supervisor : Group CyberSecurity Director / Group CyberSecurity Governance Risk and
Compliance Manager
Context
• The Company has defined an organization, policies and action plans to maintain and improve the
protection level of its information, Information Systems, and Operational Technologies (Industrial)
against incidents and cyberattacks such as malware, intrusion by hackers, and fraud attempts.
• The Cyber Security team is part of the Risk Management organization, with the objective of coordinating
and providing oversight of Cyber Security activities within the Company's Business Groups and Functions.
Purpose
• The Cyber Security Governance Risk and Compliance (GRC) Junior Consultant will mainly assist the GRC
Manager/Officer in GRC run topics, including performing cyber assessments for business applications,
contributing to architecture reviews from a cybersecurity perspective, managing
day-to-day security exception tickets through the Company's ITSM tools, and analysing deviations from security
rules. He/she will assist the GRC Manager/Officer in building KPIs related to the handling of security exception
requests. He/she will also progressively skill up on GRC build topics such as security policy
documentation, reviews and maintenance.
Areas of responsibility
Steering/Strategy
• Contribute to reviews, publication and maintenance of the information security policy set
• Contribute to the definition of the GRC roadmap
Design
• Contribute to the definition of security requirements for various technologies and projects
• Contribute to the design and definition of exception management criteria and processes
Build
• Contribute to the selection and implementation of any 3rd party tools to be used in support of
GRC activities
Continuous Improvement
• Contribute to the evolution of existing policies, processes, tools, and standards.
• Transfer knowledge to employees across the Group to empower improved cyber risk
management
Run
• Perform security risk assessments for business applications
• Contribute to application architecture reviews and ensure the integration of security controls
• Manage security exception requests and maintain weekly KPIs about the progress
• Perform regular reviews of network security rules and provide support to remediate the weaknesses
Expected results
• Weekly KPIs stating clearly the progress on security exception handling
• Weekly KPIs on security assessments
• Integration of security controls into applications’ lifecycle
• Enhanced visibility of network security gaps (especially IT/OT segmentation) and regular follow-ups
to close those gaps
Required skills and qualifications
• Fluent in both English and French
• Ability to communicate with every level of business and IT stakeholders
• Ability to conduct security risk assessments
• Proficiency with MS Office 365 tools
• Basic knowledge of the NIS2 Directive
• Certifications on Risk Management (ISO 27005, ISO 3