Cybersecurity Risk Analyst

Company Description

ALTER SOLUTIONS is a consulting and technology expertise company founded in 2006. Our mission is to support our clients with their technical and organizational cybersecurity challenges. Our services are structured around the following areas of expertise:

• Security Management
• Architecture and Integration
• Audit and Penetration Testing
• Cyber Defense

We are an international group established in over ten countries, with a team of 750 employees.

Our success is driven by the development and fulfillment of each team member, and we place great importance on providing the best possible working conditions:

• Remote work available for a majority of our projects
• A Flex Office work environment available to everyone at all times to promote communication and collaboration
• Expert communities to share and disseminate skills within the group
• Close project management and HR support
• Annual training and certification opportunities
• Recognition of our consultants' expertise development
• Strong openness to short-term or long-term international mobility

Job Description

We are seeking a Senior Risk Management and Cybersecurity Consultant to lead the modernization and alignment of the risk management framework with industry standards and best practices for one of ou major client. This role requires deep technical expertise in cybersecurity, risk assessment, and compliance, as well as the ability to guide IT projects and develop robust monitoring frameworks.

Key Responsibilities:

• Risk Management Modernization: Lead the initiative to modernize and align the organization's risk management framework with current industry standards and best practices. Provide expert technical guidance in selecting security solutions and conducting cybersecurity assessments for IT projects.

• Monitoring Framework Development: Develop and implement a comprehensive monitoring framework that ensures continuous risk assessment and compliance tracking across all business systems.

• Centralized Risk Monitoring: Deploy a centralized system for real-time risk monitoring and automated assessments, ensuring timely detection and response to potential threats.

• Cybersecurity Maturity Model Implementation: Implement a maturity model to assess and improve the organization's overall cybersecurity posture, ensuring that risk management strategies evolve with emerging threats.

• Data Protection Compliance: Establish and oversee a program to ensure compliance with global data privacy regulations, safeguarding sensitive information across all business units.

• Continuity Planning and Third-Party Risk Management: Develop and implement continuity plans, conduct regular simulations and drills, and create a framework for assessing and managing third-party risks to ensure business resilience.

• Risk-Based Framework Communication: Execute a program to explain and promote the adoption of a risk-based framework throughout the organization. This includes developing and delivering documentation and training for both users and IT specialists.

• Risk Communication Strategy: Create a strategy for timely and transparent risk communication and reporting. Identify, present, and provide solutions for identified risks. Actively participate in the cybersecurity community to share knowledge and best practices.

• Digital Transformation Risk Assessment: Assess and mitigate risks associated with digital transformation initiatives, ensuring that security considerations are integrated into new technologies and processes.

• Technical Support for Audits: Manage and provide technical support during vulnerability and intrusion audits. Disseminate results, define remedial actions, and document existing initiatives and best practices.

• Strategic Risk Mitigation: Conduct risk assessments across all business units, develop strategic mitigation plans, and provide technical support to CISO/CIOs to enhance overall security posture.

• Regulatory Compliance Management (Optional): Implement or assist other business units in establishing a regulatory compliance management system to track, manage, and ensure compliance with relevant laws and regulations across all jurisdictions where the organization operates.

Qualifications

Technical Expertise:

• Strong experience in implementing risk management frameworks, centralized monitoring systems, and cybersecurity maturity models.
• Proficient in deploying and managing tools for real-time risk monitoring, automated assessments, and compliance tracking.
• Hands-on experience with vulnerability management, including assessments, penetration testing, and remediation.
• Solid understanding of cybersecurity technologies such as SIEM, IDS/IPS, and endpoint protection.
• Familiarity with global data privacy regulations and compliance management tools.

Risk Management & Compliance:

• Proven experience in risk management and cybersecurity within large organizations.
• Ability to conduct risk assessments, develop mitigation plans, and support CISO/CIOs in enhancing security posture.

Communication & Leadership:

• Strong communication skills for articulating risk management concepts to both technical and non-technical stakeholders.
• Experience in promoting and implementing risk-based frameworks across an organization.