Company Description
At Devoteam, we believe that technology with strong human values can actively drive change for the better. Discover how Tech for People unlocks the future, creating a positive impact on the people and the world around us. We are a global leading player in Digital Transformation for leading organisations across EMEA, with a revenue of €1B. We believe in transforming technology to create value for our clients, partners and employees in a world where technology is developed for people. We are proud of the culture we have built together. We are proud of our people at the service of technology. We are proud of our diverse environment. Because we are #TechforPeople. Join our multidisciplinary team of Cloud experts, Designers, Business consultants, Security experts, Engineers, Developers and other extraordinary talents, spread across more than 20 EMEA countries. Become one of our +10.000 tech and business leaders on cloud, data and cyber security. Let’s fuse creativity with technology together and build innovative solutions that actively change things for the better.
Job Description
The IT Risk analyst & Third Party risk manager will be actively involved in the 2 main missions of the Cloud CISO team:
- Cloud security perimeter through Software as a Service (SaaS) & Third Party usages.
- Cyber risk assessments with methods based on ISO 27005.
The role will be to analyze, study, follow up, provide a critical eye and be source of proposal on cloud cybersecurity and Software Third Party (SaaS) usage. So, he/she will have to be strongly skilled on cybersecurity, ideally cloud security.
- Cloud security perimeter through Software as a Service (SaaS) & Third Party usages.
- Active participation in (cloud) third-party onboarding studies (risk assessment, review of cases studies, …)
- Active participation to governance/organization topics on third party cases.
- Active participation to ensure third-party cybersecurity governance is in place and follow-up third-party cybersecurity governance in the run.
- Contribution to the committees on the studied cases.
- Risk assessments
- Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and impacts of remediation plans progress on risks.
- Skills to follow up/challenge remediation plans implemented by service providers or entities.
- Contribute actively to risk assessments of cloud platforms and cloud applications.
- Other activities
- Contribute to maintaining cloud cybersecurity risk in tools if necessary.
- Contribute to governance/organization topics related to the team.
Qualifications
- certification ISO 27001
- certification ISO 27005 Risk Manager and/or EBIOS Risk Manager
- Knowledge of a risk management tool such as ServiceNow or reporting tool such as Tableau
- Knowledge on Cloud specific Cyber Security (such as SOC2, CSA, ISO27017)
- Knowledge on Cyber Security control frameworks (such as NIST, CIS)
- Knowledge in project management
Additional Information
The Devoteam Group works for equal opportunities, promoting its employees based on merit and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity, dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.
Top Skills
What We Do
Devoteam is a leading consulting firm focused on digital strategy, tech platforms, data and cybersecurity. By combining creativity, tech, and data insights, we empower our customers to transform their business and unlock the future. With 25 years’ experience and more than 10,000 employees across Europe, the Middle East and Africa, Devoteam promotes responsible tech for people and works to create better change. Creative tech for Better Change