A large public-sector organisation is running a transformation programme to reach compliance with the NIS2 directive and strengthen its cyber risk governance. The team applies the CYFUN framework alongside established cyber security risk methods to assess threats to major systems, processes and critical assets. This role exists to produce reliable, traceable risk analyses that feed prioritisation and remediation decisions across business units.
The mission
This programme covers entity-level and system-level assessments required for NIS2 compliance, inventorying critical assets, documenting controls and demonstrating evidence for audits. Analyses will follow defined methodologies for impact qualification, likelihood estimation and residual risk evaluation, and will be integrated into the organisation's risk register and compliance reporting.
You will operate under the coordination of the Cybersecurity Risk Manager and work closely with technical teams, project leads and business stakeholders to collect contextual information, validate assumptions and ensure clarity of findings. Typical outputs include structured analysis reports, risk matrices, decision support tables and audit evidence; your work will directly influence treatment plans and control prioritisation.
Your responsibilities
- Deliver clear, evidence-based risk assessments on critical assets, systems and processes that inform remediation and investment decisions
- Collect and consolidate technical and business information, mapping perimeters, data flows, existing controls and threat scenarios
- Apply defined risk methodologies to quantify impact, estimate likelihood and calculate residual risk, ensuring traceability of assumptions
- Maintain and update the cybersecurity risk register and produce consolidated risk views for governance meetings
- Produce decision-ready deliverables, including executive summaries, risk tables and justification elements for compliance reviewers
- Support preparation of audit evidence and respond to queries during audits, reviews and NIS2 controls
Your profile
Essential skills
- Practical knowledge of cyber security concepts across systems, networks, applications and services
- Familiarity with the NIS2 directive and experience applying compliance requirements in assessments
- Experience with the CYFUN framework or comparable cybersecurity risk frameworks
- Strong risk management capabilities: structuring complex information, documenting assumptions and producing traceable analyses
- Ability to communicate analysis clearly to technical and non-technical stakeholders, both written and oral
- Medior-level professional experience in risk assessments, compliance or cybersecurity contexts
Languages
- French, C2 (fluent written and spoken)
Education
- Bachelor's or Master's degree in computer science, cybersecurity, risk management or a related field