Information Security Risk Analyst M/F

Responsibilities

• Conducting security risk analyses on IT projects and initiatives, ensuring compliance with policies, internal standards, and reference frameworks (ISO 27001, NIST, DORA, GDPR).
• Participating in the planning and design phases of solutions, assessing security impacts and proposing mitigating controls. Direct involvement with project, architecture, development, infrastructure and business representative teams to gather the information necessary for risk assessment.
• Validation of security requirements in procurement and onboarding of third parties.
• Conducting phishing simulations and awareness campaigns.
• Responding to audit requests (internal, external, supervisors) with evidence, justifications and documentation of controls applied. Technical implementation of security controls.
• Identification, monitoring and validation of vulnerability remediation actions, in coordination with other teams.
• Cybersecurity maintenance using monitoring platforms. Monitoring and investigation of cybersecurity alerts.
• Participation in incident response: root cause investigation, containment, eradication and forensics support.
• Support for the secure development cycle, penetration testing, vulnerability identification and security architecture review.
• Regular review of access control policies and user privileges.
• Monitoring action plans to ensure compliance and alignment with standards and regulations.
• Creating reports and dashboards for technical and non-technical audiences within their areas of intervention.
• Management of the SOC service.
• Acting as a liaison with other company structures on issues related to cybersecurity and IT risk.
• Liaising with the Credit Agricole group on cybersecurity and IT risk issues.
• Developing communication and awareness plans on IT risks and cybersecurity.
• Developing, implementing and maintaining the cyber and IT risk management framework in line with best practices and the group.
• Identifying, assessing and prioritising cyber and IT risks in assets, processes, systems and suppliers.
• Defining and monitoring IT risk and cybersecurity treatment plans.

Geographical area

Europe, Portugal

City

Lisbon

Hybrid

Education

Bachelor Degree / BSc Degree or equivalent

Bachelor's or Master's degree in Computer Engineering, Information Security, Management or similar.

Level of minimal experience

3-5 years

Experience

Minimum of 4 years' experience in IT risk management or cybersecurity roles.

Required skills

• Analytical and problem-solving skills;
• Ability to manage time and priorities in order to achieve objectives, considering multiple deadlines and initiatives simultaneously;
• Ability to analyse and structure information so that it can be shared and communicated to other stakeholders and teams.
• Resilience and autonomy;
• Organisational skills, rigour, time management and teamwork;

Technical skills required

• Solid knowledge of cybersecurity concepts, including malware, phishing, ransomware, DDoS, and intrusion techniques.
• Familiarity with security tools and platforms such as:
  SIEM (e.g., QRadar, Azure Sentinel)
  EDR – Endpoint Detection and Response – (e.g., Microsoft Defender)
  Vulnerability scanners (e.g., Tenable.io)
  Firewalls and VPNs
  DLP – Data Loss Protection – (e.g., Microsoft Purview)
  Familiarity with scripts or programming (e.g., Python, Bash, PowerShell).
• Knowledge of systems, network and application architecture.
• Proficiency with network protocols and services (TCP/IP, DNS, HTTP, etc.).
• Familiarity with cloud security knowledge (e.g. Azure AD, IAM, Conditional Access), having participated in its configuration/management.
• Knowledge and interpretation of frameworks and regulatory standards (ISO 27001, NIST, DORA, GDPR).

Languages

Portuguese and English

General information

Crédit Agricole Assurances, France's largest insurance group, unites together Crédit Agricole's insurance subsidiaries. The Group offers a range of savings, retirement, health, personal protection and property insurance products and services. At the end of 2024, Crédit Agricole Assurances has 6,700 employees and Its premium income amounted to €43,6 billion.

With more than 25 years of experience, Mudum Seguros ranks in the top 5 of the bancassurers in Portugal. Innovative and at the service of its partners, mainly the Novo Banco Group and more recently Credibom, its primary mission is to protect their individual customers, and professionals and small businesses from the hazards of life. It thus supports them on a daily basis in their needs to protect their health, their property, their projects and their family. Its 75 employees are united by strong values: customer orientation, the pursuit of excellence, individual initiative, honesty and integrity and team spirit.

By working every day in the interest of society, we are a Group committed to diversity and inclusion and place people at the heart of all our transformations. All our job offers are open to persons with disabilities.