GRC Consultant Risk Management (IT Risk & Cyber)

Main Mission

Consultant capable of designing and implementing an industrialized process for Risk Management.

The consultant must be able to :

Definition of the Risk Strategy

• Define formalise and maintain a structured risk analysis methodology.
• Develop and maintain templates policies standards and guidance documents.
• Build an service offering for risk analysis activities.
• Harmonise practices across teams and ensure alignment with group-wide expectations.

Industrialisation of the Risk Analysis Process

• Design automated workflows for generating risk analyses
• Automate data collection prepopulation of fields consolidation and generation of standardised deliverables.
• Continuously improve the process to reduce effort improve quality and increase consistency.
• Work closely with customers to integrate business and operational constraints.

Qualifications :

Governance Risk & Compliance

• Good knowledge of cybersecurity frameworks (ISO 27001 NIST CSF CIS Controls).
• Skills in IT and security risk management.
• Understanding of regulatory requirements: GDPR DORA eIDAS etc.
• Ability to draft policies procedures standards and guidelines.
• Analysis & Project Management
• Ability to coordinate multiple stakeholders (IT Security Business teams HR).
• Strong ability to produce clear and structured deliverables.
• Knowledge of CSSF constraints is an asset.
• Strong vision and expertise in CyberSecurity processes especially IT risk analysis.
• Affinity with operational process workflows and their optimisation.

Behavioural Skills

• Strong rigour and attention to detail.
• Proactive mindset and ability to take initiative.
• Strong organisational capabilities.
• Critical thinking and problemsolving mindset.
• Clientoriented attitude.
• Creativity innovation and ability to resolve complex issues.
• Ability to synthesise and simplify complex information.

Language Skills

• French: read written spoken.
• English: read written spoken.

Bachelors/Masters degree (Computer Science Cybersecurity Risk Management Governance Audit or equivalent).

Experience in GRC cybersecurity IT risk management IT audit or compliance.

Certifications appreciated: ISO 27001 Lead Implementer / Auditor ITIL CISSP CISM CISA.

Additional Information :

As a member of one of Europes largest digital solutions providers youll benefit from extensive career development opportunities both local and international. At the Sopra Steria Academy youll be part of a dynamic network of 56000 professionals at all stages of their careers. With a wide array of offices to explore you can find your ideal location and take the next step in your career.

We offer a generous employee benefits package that includes:

• Access to our Sopra Steria training and personal development academy
• A company car lease or mobility budget
• A company laptop and mobile phone
• Private health insurance coverage
• Meal vouchers
• Social security and pension plan
• A competitive salary

Sopra Steria is implementing the tools of the future today at the worlds largest businesses across industry and financial services. By being bold together our professionals are changing how business is done.

Sopra Steria is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age ancestry nationality color family or medical leave gender identity or expression genetic information immigration status marital status medical condition national origin physical or mental disability political affiliation protected veteran or military status race ethnicity religion gender (including pregnancy) sexual orientation or any other characteristic protected by applicable local laws regulations and ordinances. We foster a work environment that is inclusive and respectful of all differences.

Remote Work :

No

Employment Type :

Full-time