We are looking for a Cyber Security Risk Analyst to support a leading European organization in strengthening its cybersecurity governance and risk management practices.

This role focuses on risk methodology, assessment, and control definition, rather than hands-on technical work (e.g. no penetration testing or incident handling). You’ll be part of a team ensuring that cyber risks are effectively identified, assessed, and mitigated in line with established policies and frameworks.

Key Responsibilities

• Support the implementation and continuous improvement of the organization’s cybersecurity risk management framework.
• Conduct and document risk assessments for systems, services, and projects.
• Identify and evaluate information security risks, proposing appropriate risk treatment plans and controls.
• Ensure alignment with internal policies, standards, and regulatory frameworks (e.g. ISO 27001, NIST).
• Contribute to the development of governance documentation, procedures, and reports.
• Collaborate with cross-functional teams to promote risk awareness and compliance.

Profile & Skills

• Experience in cybersecurity risk management, governance, or compliance (typically 3+ years).
• Solid understanding of information security principles and risk frameworks (ISO 27001, ISO 27005, NIST, CIS).
• Strong analytical, documentation, and communication skills.
• Ability to work methodically within structured environments.
• Experience in EU institutions or regulated sectors is an asset.
• Certifications such as CRISC, CISM, or ISO 27001 Lead Implementer are advantageous (not mandatory).