Cyber Security Analyst

Cyber Security Risk Analyst

Location: Annecy (France) or Munich (Germany)

Contract: 6 months (extendable)

Business Area: Cyber Security & Risk Management

Start Date: ASAP

Role Overview

We are seeking a Cyber Security Risk Analyst to support business and IT projects by identifying, assessing, and mitigating cybersecurity risks through a structured risk management process.

This role acts as a key interface between technical and non‑technical stakeholders, ensuring cybersecurity risks are properly assessed, communicated, and addressed across multiple business domains including E‑commerce, Retail, B2B, HR,Finance, and core IT platforms.

Key Responsibilities:

• Perform cybersecurity risk assessments in line with ISO 27005 and internal risk methodologies.
• Ensure projects are delivered secure by design through risk analysis, security recommendations, and remediation follow‑up.
• Document and communicate risk assessments clearly to both technical and non‑technical stakeholders.
• Review security architectures, including cloud, network, and application integrations.
• Define security objectives and remediation plans aligned with internal security policies and standards.
• Support SecDevOps teams and security champions, with strong focus on CI/CD security, API security, OWASP recommendations, and secure hosting and network architectures.
• Act as a cybersecurity subject matter expert for IT, cybersecurity, and business stakeholders.
• Contribute to or lead initiatives focused on framework enhancement, cybersecurity maturity improvement, and KRI/KPI reporting and dashboards.
• Assess effectiveness of security controls and coordinate action plans with GRC teams.
• Maintain and update the cybersecurity Risk Register, covering strategic and operational risks.
• Deliver risk awareness training for product owners and project managers.
• Build and maintain cybersecurity plans within assigned business scopes.
• Organize penetration tests and other security controls prior to go‑live.
• Manage vendor and subcontractor cybersecurity assessments and audits.

Required Skills

• Strong understanding of cybersecurity principles, threats, and architectures (network, cloud, servers, databases,endpoints, O365).
• Excellent communication and stakeholder management skills.
• Project management capability across multiple parallel initiatives.
• Fluent in written and spoken English.

Certifications (one or more preferred)

• ISO 27001 Lead Auditor or Lead Implementer
• ISO 27005 Risk Manager
• NIST CSF
• CCSK
• CISSP, CISA, CCSP, CEH (or equivalent)