Econocom PSF is looking for a GRC Consultant to carry out engagements related to policy compliance, security requirements governance, as well as risk management. The ideal candidate will have knowledge of risk management, information security governance, cyber-security regulations, security and privacy practices and will be an effective communicator, both written and verbal.
Responsibilities
Developing and participating in the implementation of client initiatives focused on the reduction of technology risk, governance and compliance with policies and external regulatory compliance.
Evaluating business and IT risks with risks analysis standards (EBIOS, ISO 27005, Monarc, Fair...).
Developing IT security standards, procedures, and controls to manage risks.
Improve client's security posture through process improvement, policy, automation, and the continuous evolution of capabilities.
Evaluating information security threats and their impact on clients IT environment.
Supporting and assisting internal team members and customers with the analysis of requirements and design of information security posture, as well as Legal, Regulatory and Scheme security requirements.
Driving the implementation of compliance standards such as ISO/IEC 27001, EU GDPR and helping in the implementation of security process such as incident response.
Performing and investigating internal and external information security risk and exceptions assessments.
Assessing incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
Documenting and reporting control failures and gaps to stakeholders.
Providing remediation guidance and preparing management reports to track remediation activities.
Staying up to date on best practices and technological advancements and acting as a technical resource for security assessment and regulatory compliance.
Performing other related duties as assigned from time to time based on the business requirements.
Actively contributing to the development of Econocom's cyber security offer.
Profile
3-5 years of proven work experience in compliance audit, analysis and risk management, in the consulting business or with an end customer.
Solid knowledge of information security standards and frameworks such as ISO/IEC 27001:2022, ISO/IEC 27005, ISO/IEC 22301 and other IT standards and frameworks such as ITIL, COBIT.
Good understanding of application industry specific reglations such as DORA, NIS-2, GDPR Directive.
Experience of risk management principles and associated methodologies
Excellent communication skills, strong analytical and writing skills in both French and English
Ideally have a CISSP, CISA or CISM qualification
Strong interpersonal and influencing skills with the ability to influence and drive change in a collaborative way both internally and externally
We offer
A competitive & challenging function in an innovative services company with room for initiatives.
An attractive salary package, company car, group insurance and extended hospitalization plan.
At Econocom PSF, you will operate in a professional environment where entrepreneurship is encouraged.