A large organisation is executing a multi-year programme to achieve compliance with the NIS2 directive and strengthen its operational security posture. This role exists to translate the cybersecurity roadmap into structured, actionable risk analyses across IT, OT and IoT environments, and requires hands-on experience in cybersecurity risk management including familiarity with CYFUN and IoT security.
The mission
You will operate as the senior reference for cybersecurity risk within a cross-functional transformation programme, working closely with the CISO, the Cybersecurity Program Manager and operational teams such as CDS and Infrastructure. The programme covers critical services and supporting infrastructure; your analyses will feed prioritisation decisions and the evidence package for compliance reporting.
Day to day you will lead and perform risk assessments across defined perimeters (IT, OT, cloud and IoT), maintain the organisation's risk register and translate NIS2 obligations into operational risk treatment plans. You will produce decision-ready deliverables such as risk dashboards, executive summaries and audit evidence, and you will follow the implementation of treatment actions until they meet the agreed acceptance criteria.
Your responsibilities
- Translate the cybersecurity roadmap and NIS2 requirements into structured, operational risk analyses that cover processes, systems, infrastructures and critical services.
- Lead and deliver risk assessments across IT, OT, cloud and IoT perimeters, ensuring findings are actionable for both technical teams and business owners.
- Maintain and enrich the risk register, assessing impacts, likelihoods and residual risk, and propose coherent treatment plans combining technical, organisational and procedural measures.
- Analyse and prioritise risks against the organisation's risk appetite, producing clear recommendations for remediation or acceptance.
- Act as the interface between cybersecurity governance and operational teams, turning risk findings into decision-ready guidance and tracking the progress of treatment actions.
- Produce standardised reporting and evidence for NIS2 programme reporting and audits, including analytical reports, executive summaries and risk dashboards.
Your profile
Essential skills
- Senior-level expertise in cybersecurity risk management, with a track record of leading assessments and driving risk treatments.
- Practical understanding of IT and operational environments: systems, networks, identities, cloud, supervision and IoT.
- Proficiency with risk assessment methodologies such as ISO 27005 and EBIOS, and a good working knowledge of NIS2 obligations.
- Ability to structure, prioritise and formalise analyses in complex, multi-stakeholder contexts.
- Strong analytical mindset, rigorous documentation habits and clear decision orientation.
- Excellent interpersonal skills for engaging technical teams, business stakeholders and governance bodies.
Languages
- French: C2 (written and spoken)
Education
- Bachelor's or Master's degree in computer science or cybersecurity, or equivalent professional experience.