Risk & Compliance Analyst (F/M - any location)
Requisition ID: 69740
Domain: Digital and IT/Cybersecurity
Contract type: Permanent
Schedule:
Within the EQUANS IT department, you will be part of the Cyber Customer Trust team, which helps the EQUANS business units deliver cyber-secure solutions to their customers.
This team is led by the Cyber Customer Trust director and reports to the Global CISO.
As a Risk & Compliance Analyst in the Shared Line of Service (SLS) Cyber Customer Trust, you will be tasked with providing global support to local cyber teams responsible for securing the service offerings of their businesses, including digital and OT. For example, to better protect our clients’ operations and data, this may involve analysing the risks that apply to their projects with EQUANS and proposing sustainable security plans for those projects.
In this context, your main missions and activities will include:
- Conduct risk assessments on these projects/bids/contracts to identify possible risks for the EQUANS business and for the customers. This includes advising business units on improving the solutions they use and providing recommendations to improve their cybersecurity level.
- Help create and maintain an inventory of ongoing projects/bids between EQUANS and its clients that involve digital solutions.
- Assist in developing a catalogue of cyber services that can be integrated into our commercial offers including Digital/OT (consultancy, risk analysis, technical audits, security procedures, etc.).
- Steer the audit and compliance checks (technical audits, configuration reviews, etc.) on products, bids and contracts with the support of internal or external experts (pentesters, legal teams, etc.).
- Help build and maintain awareness material to explain the role of the CCT team and the growing importance of laws, directives and regulations in the cyber landscape (NIS2, CRA, etc.).
Your profile:
- You have a higher education degree (an Engineering degree in cybersecurity or a Master’s degree in Computer Science and networks) or proven experience in governance, risk and compliance (more than 3 years);
- You have a good knowledge of information security frameworks and risk management (ISO/IEC 27001, 27002 and 27005, NIST, EBIOS, …);
- You have basic knowledge of the current EU regulations (CRA, NIS2, DORA) and what is at stake in them, and want to dive deeper to help our businesses become compliant;
- You have a good understanding of our clients’ business challenges;
- You are comfortable working in a decentralized and multicultural organization, with heterogeneous maturity levels in terms of cybersecurity and architecture practices;
- You are autonomous, energetic and show initiative;
- You are a good communicator who develops and maintains good relationships;
- You have strong ethics, and can exercise discretion;
- You are fluent in English and French.
Job location: Netherlands