Risk & Compliance Analyst – SLS Cyber Customer Trust (M/F/X)

As part of its new organization and the global challenges in the field of cybersecurity, the IT Department of EQUANS is looking for:

SLS Cyber Customer Trust Risk & Compliance Analyst (M/F/X)

Location : any

Within the EQUANS IT department, you will be part of the Cyber Customer Trust team, that helps the EQUANS business units delivering cyber secure solutions to their customers.

This team is led by the Cyber Customer Trust director and is reporting to the Global CISO.

As a Risk & Compliance Analyst in the Shared Line of Service (SLS) Cyber Customer Trust, you will be tasked with providing global support to local cyber teams responsible for securing the service offerings of their businesses, including digital and OT. For example, to better protect our clients’ operations and data, this may involve analysing the risks that apply on their projects with Equans and proposing sustainable security plans for their projects.

In this context, your main missions and activities will include:

• Conduct risk assessments on these projects/bids/contracts to identify possible risks for the EQUANS business and for the customers. This includes advising business units in improving the used solutions, and provide recommendations for them to improve their cybersecurity level.
• Conduct risk assessments on vendors and third-party products, check for compliance and assist in creating a catalog of approved vendors and OT-products.
• Build and maintain awareness material to explain the role of the CCT team and the growing importance of laws, directives and regulations in the cyber landscape (NIS2, CRA, etc.).
• Be the evangelist of the created awareness material in the different Business Units.
• Help maintaining the inventory of ongoing projects/bids between EQUANS and its clients that involve digital solutions.
• Help with the audit and compliance checks done by the other CCT risk assessors (technical audits, configuration reviews, etc.) on products, bids and contracts with the support of internal or external experts (pentesters, legal teams, etc.).

Your profile:

• You have a higher education degree (an Engineering degree in cybersecurity or a Master’s degree in Computer Science and networks) or a proven experience in governance, risk and compliance (more than 3 years) ;
• You have a good knowledge of security information frameworks and risk management (ISO/IEC 27001, 27002 et 27005, NIST, EBIOS,…);
• You have basic knowledge of the current EU regulations (CRA, NIS2, DORA) and their stakes, and want to deep-dive to help our businesses become compliant;
• You have a good understanding of our clients’ business challenges;
• You are comfortable working in a decentralized and multicultural organization, with heterogenous maturity levels in terms of cybersecurity and architecture practices;
• You are autonomous, energetic and show initiative;
• You are a good communicator, develop and maintain good relationships;
• You have strong ethics, and can exercise discretion;
• You are fluent in English.