The role of the Cybersecurity Risk Senior Analyst (GRC) is to facilitate the implementation of a comprehensive risk-based approach for the CMA CGM Group. This includes risk assessment, risk treatment framing and handling of the risk acceptance process.
Liaison with the Third Party Risk Management, Governance and Compliance teams will be essential in order to assess the level of security of critical applications, produce executive reports on the recommendations identified and establish security plans to be implemented and monitored.
The Cybersecurity Risk Analyst reports to the Group Cyber Risk Manager, under the GRC Director.
RESPONSIBILITIES
- Be the referent analyst for one or several Business Lines (Shipping, Ships, Logistics, Transport, Corporate Functions, Media, Innovation)
- Challenge and validate application prequalification CIA scoring by the Risk Owners
- Perform security risk assessments following ISO 27005 methodology
- Review security architectures and cloud & network integration for critical application ecosystems
- Identify security objectives & define remediation plans in regard to security policies or standards
- Act as a technical expert with cybersecurity & IT stakeholders
- Act as a functional expert/evangelist with Business stakeholders
- Tackle critical applications legacy and perform backlog treatment through project management
- Be a key contributor or project lead for framework enhancement, maturity level improvement, and KRI/KPI dashboarding and reporting
- Determine security requirements by evaluating business strategies and threat landscapes.
- Ensure that policy compliance is appropriate to the organization's level of risk acceptance.
- Evaluate whether appropriate controls are in place and oversee/create action plans
- Advise stakeholders on how to apply the relevant remediation and assist with solutions to support it.
- Ensure Risk Assessments are documented and communicated as relevant to technical stakeholders and understandable to non-technical audiences.
- Support the delivery of security initiatives as needed and track progress with the compliance team.
- Evangelize the cybersecurity risk-based approach and communicate on best practices
- Develop and maintain close working relationships with GRC teams, Architecture Security teams and IT stakeholders.
- Build and maintain a cybersecurity Risk Register with strategic & operational risk identification and scoring on your defined scope
- Build and maintain a cybersecurity Risk Map based on the Risk Register on your defined scope
- Act as a mentor and contribute to the development of the team in areas of expertise.
- Promote and develop cybersecurity awareness and a cybersecurity-by-design culture in the CMA CGM Group.
QUALIFICATIONS & PROFILE
- Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology or equivalent
- Excellent communication skills
- Knowledge & Experience:
- You have at least 8 years of experience in a similar role or a GRC-related role (IT audit, risk management or advisory, etc.)
You hold one or more relevant industry certifications, including but not limited to:
- Risk Manager ISO 27005
- EBIOS RM
- NIST CSF
- Certificate of Cloud Security Knowledge (CCSK)
- Certified Information Systems Security Professional (CISSP)
- ISO 27001 Lead Auditor or Lead Implementer
- Certified Information Systems Auditor (CISA)
- Certified Cloud Security Professional (CCSP)
- Certified Ethical Hacker (CEH)