Cyber Risk Analyst

📣 Would you like to join a company that puts people at the heart of its concerns? We are waiting for you! Since 2007, Extia, an IT consulting company, has been offering a unique approach in its field by combining well-being at work and performance.

Our philosophy at Extia is “First who, then what", so let's go for it!

🚀 First who?

• Analytical, you have a keen eye for identifying and assessing cybersecurity risks, applying a structured approach to risk management.
• Detail-oriented, you ensure compliance with security frameworks and best practices.
• Solution-driven, you provide recommendations and action plans to mitigate security threats.
• Proactive, you stay ahead of evolving cybersecurity risks and industry standards, demonstrating adaptability in improving security measures.
• Strong communicator, you effectively share insights and collaborate with stakeholders.
• Available to work 3 days per week from the office (Bucharest).

🚀 Then what?

We are looking for a Cyber Risk Analyst to join our client as part of the blue team, responsible for managing cybersecurity operations across multiple locations.

Responsibilities:

• Analyze, classify, and respond to cybersecurity risks within the organization.
• Assess the potential business and customer impact of security threats.
• Align security processes and controls with relevant frameworks and internal systems.
• Identify areas of concern and support resolution through recommendations and action plans.
• Conduct risk assessments and ensure compliance with cybersecurity standards.
• Monitor and analyze security incidents, supporting risk mitigation efforts.
• Provide expert advice on cybersecurity best practices and governance.

Requirements:

• Strong experience in IT security, risk assessment, and risk analytics.
• Proficiency in governance, risk, and compliance (GRC) tools.
• Experience with Azure Cloud security tools, particularly SIEM and threat detection (Splunk, Azure Security, Sentinel).
• Solid knowledge of data privacy and protection frameworks (ISO27001, NIST, GDPR, CIS20, Cyber Essentials).
• Expertise in risk analysis methodologies (Ebios RM, ISO 27005, etc.).
• Familiarity with recent attack techniques and security frameworks (MITRE ATT&CK, CIS Framework).
• Familiarity with penetration testing methodologies and vulnerability management.

Nice to have:

• Programming or development skills.
• French language proficiency.

🚀 Do you recognize yourself in the "Who" and represent the "What"? Apply and let's talk!

*only the suitable candidates will be contacted*