Cyber GRC Technical Consultant

IT and Cyber GRC Technical Consultant

The ideal candidate is a Cybersecurity enthusiast with fluent English and French, strong analytical skills, and a consulting mindset.

Mission description
The GRC Expert plays a critical role in ensuring that IT and Cyber GRC activities are aligned with industry's best practices and regulatory requirements:

• Contributes to the management of GRC processes and tools operations in line with the strategic vision
• Brings GRC evolutions and changes into production with strong focus on quality and user experience.
• Provides guidance and support to IT and business units in effectively implementing IT and Cyber Governance, Risk and Compliance in their scope.
• Collaborates with internal clients to clarify expectations and address blocking points, ensuring adequate understanding and buy-in.

The mission implies taking on different roles: service delivery, process design, requirement analysis, priority definition, task planning and organization, stakeholder management, user training and communication.

Core responsibilities
Processes and tools

• Contribute to design and maintenance of Agile GRC processes within the Group's framework.
• Monitor GRC tools performance, resolve incidents and escalate issues promptly.
• Simplify GRC processes and tools while preserving critical interdependencies.

Stakeholder and change leadership

• Translate local/Group requirements into efficient, pragmatic GRC solutions.
• Work with local/Group teams to align solutions architecture with global GRC strategy.
• Contribute to and influence as much as possible the Group GRC program.
• Help teams define their requirements and challenge them for an effective implementation in the GRC tool.
• Lead Opus/Feature/User Story implementation and resolve interdependencies of different agile constructs.

User support and reporting

• Design effective reporting/dashboards to support decision-making.
• Onboard Tribes and Control functions in GRC tools; maintain documentation and training material.
• Organize agile ceremonies with all stakeholders to ensure transparency.

Certification

Optional: (ISC)2CISSP or CGRC; ISACA CISA, CISM or CGEIT or relevant equivalents.

Languages Requirement

French

Required knowledge/Experience

Experience

To succeed in this role the candidate will demonstrate a solid background in cybersecurity and a broad understanding of its fundamental concepts, the risks and security issues inherent to corporate IT environments and how to manage them.
Additionally, 5+ years of professional experience in GRC, encompassing cyber risk, third-party security, compliance control, project management, process design and improvement, delivering presentations and training to diverse audiences.

Technical Experience

Mandatory

• Strong IT background.
• Significant experience in working with cloud services (SaaS, HSP, AWS, Microsoft 365).
• Knowledge of software development security best practices, network/OS security, PAM, containerization.
• Working experience with a GRC suite.

Preferable

• Experience in vulnerability management and penetration testing.
• Hands-on experience with Service Now GRC.

Business Experience

Mandatory

• Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.), regulations (eg EBA guidelines on risks and outsourcing, PSD2, GDPR, DORA) and market standards (eg PCI-DSS).
• Knowledge of control frameworks and audit methodologies.
• Exposure to risk management, third-party security, compliance control.
• Work experience in financial services and large corporate environments.