Cyber Security Risk Analyst
Cyber Security Risk Analyst
Location: Annecy (France) or Munich (Germany)
Contract: 6 months (extendable)
Business Area: Cyber Security & Risk Management
Start Date: ASAP
Role Overview
We are seeking a Cyber Security Risk Analyst to support business and IT projects by identifying, assessing, and mitigating
cybersecurity risks through a structured risk management process.
This role acts as a key interface between technical and non‑technical stakeholders, ensuring cybersecurity risks are
properly assessed, communicated, and addressed across multiple business domains including E‑commerce, Retail, B2B, HR,Finance, and core IT platforms.
Key Responsibilities:
- Perform cybersecurity risk assessments in line with ISO 27005 and internal risk methodologies.
- Ensure projects are delivered secure by design through risk analysis, security recommendations, and remediation follow‑up.
- Document and communicate risk assessments clearly to both technical and non‑technical stakeholders.
- Review security architectures, including cloud, network, and application integrations.
- Define security objectives and remediation plans aligned with internal security policies and standards.
- Support SecDevOps teams and security champions, with strong focus on CI/CD security, API security, OWASP recommendations, and secure hosting and network architectures.
- Act as a cybersecurity subject matter expert for IT, cybersecurity, and business stakeholders.
- Contribute to or lead initiatives focused on framework enhancement, cybersecurity maturity improvement, and KRI/KPI reporting and dashboards.
- Assess effectiveness of security controls and coordinate action plans with GRC teams.
- Maintain and update the cybersecurity Risk Register, covering strategic and operational risks.
- Deliver risk awareness training for product owners and project managers.
- Build and maintain cybersecurity plans within assigned business scopes.
- Organize penetration tests and other security controls prior to go‑live.
- Manage vendor and subcontractor cybersecurity assessments and audits.
Required Skills
- Strong understanding of cybersecurity principles, threats, and architectures (network, cloud, servers, databases,endpoints, O365).
- Excellent communication and stakeholder management skills.
- Project management capability across multiple parallel initiatives.
- Fluent in written and spoken English.
Certifications (one or more preferred)
- ISO 27001 Lead Auditor or Lead Implementer
- ISO 27005 Risk Manager
- NIST CSF
- CCSK
- CISSP, CISA, CCSP, CEH (or equivalent)
FAQs
Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your CV and details on file so when we see similar roles or see skillsets that drive growth in organisations, we will always reach out to discuss opportunities.
Yes. Even if this role isn’t a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.
We also work in several ways, firstly we advertise our roles available on our site, however, often due to confidentiality we may not post all. We also work with clients who are more focused on skills and understanding what is required to future-proof their business.
That's why we recommend registering your CV so you can be considered for roles that have yet to be created.
Yes, we help with CV and interview preparation. From customised support on how to optimise your CV to interview preparation and compensation negotiations, we advocate for you throughout your next career move.