GRC Consultant Risk Management (IT Risk & Cyber)

Main Mission

Consultant capable of designing and implementing an industrialized process for Risk Management.

The consultant must be able to :

Definition of the Risk Strategy

• Define, formalise and maintain a structured risk analysis methodology.
• Develop and maintain templates, policies, standards, and guidance documents.
• Build an service offering for risk analysis activities.
• Harmonise practices across teams and ensure alignment with group-wide expectations.

Industrialisation of the Risk Analysis Process

• Design automated workflows for generating risk analyses
• Automate data collection, pre‑population of fields, consolidation and generation of standardised deliverables.
• Continuously improve the process to reduce effort, improve quality and increase consistency.
• Work closely with customers to integrate business and operational constraints.

Governance, Risk & Compliance

• Good knowledge of cybersecurity frameworks (ISO 27001, NIST CSF, CIS Controls).
• Skills in IT and security risk management.
• Understanding of regulatory requirements: GDPR, DORA, eIDAS, etc.
• Ability to draft policies, procedures, standards, and guidelines.
• Analysis & Project Management
• Ability to coordinate multiple stakeholders (IT, Security, Business teams, HR).
• Strong ability to produce clear and structured deliverables.
• Knowledge of CSSF constraints is an asset.
• Strong vision and expertise in CyberSecurity processes, especially IT risk analysis.
• Affinity with operational process workflows and their optimisation.

Behavioural Skills

• Strong rigour and attention to detail.
• Proactive mindset and ability to take initiative.
• Strong organisational capabilities.
• Critical thinking and problem‑solving mindset.
• Client‑oriented attitude.
• Creativity, innovation, and ability to resolve complex issues.
• Ability to synthesise and simplify complex information.

Language Skills

• French: read, written, spoken.
• English: read, written, spoken.

Bachelor’s/Master’s degree (Computer Science, Cybersecurity, Risk Management, Governance, Audit or equivalent).

Experience in GRC, cybersecurity, IT risk management, IT audit or compliance.

Certifications appreciated: ISO 27001 Lead Implementer / Auditor, ITIL, CISSP, CISM, CISA.

 

As a member of one of Europe’s largest digital solutions providers, you’ll benefit from extensive career development opportunities, both local and international. At the Sopra Steria Academy, you’ll be part of a dynamic network of 56,000 professionals at all stages of their careers. With a wide array of offices to explore, you can find your ideal location and take the next step in your career.

We offer a generous employee benefits package that includes:

• Access to our Sopra Steria training and personal development academy
• A company car lease or mobility budget
• A company laptop and mobile phone
• Private health insurance coverage
• Meal vouchers
• Social security and pension plan
• A competitive salary

Sopra Steria is implementing the tools of the future today at the world’s largest businesses across industry and financial services. By being bold together, our professionals are changing how business is done.

______

Sopra Steria is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, ancestry, nationality, color, family or medical leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, gender (including pregnancy), sexual orientation or any other characteristic protected by applicable local laws, regulations and ordinances. We foster a work environment that is inclusive and respectful of all differences.