Cyber Security and Risk Management Consultant

Why work at C-Risk?

The company

C-Risk was started in 2016 when the co-founders realized that communication and decision making about technology risk between business stakeholders, IT teams and cyber security experts was often ineffective.

C-Risk provide solutions to quantify information security and technology risk in financial terms to improve decision making and communication.

We help organisations understand information risk in business terms, decide how to prioritize investments to improve cyber resilience and information security compliance.

Our expertise in quantifying cyber risk is based on the FAIR™ standard. In 2017, C-Risk’s founders launched the European chapter of the FAIR Institute to promote the standard.

C-Risk provides the following set of solutions: to help its clients on their Cyber Risk Quantification (CRQ) journey:

• CRQ Enablement services to kickstart internal programs
• CRQ as a managed service (definition of main risk scenarios, financial impact and controls that help reduce those risks)
• CRQ Consulting services
• Training services – from an Executive brief on Cyber Risk to full training on the FAIR™ standard taxonomy and methodology.

At the end of 2022, C-Risk closed a seed round of funding to accelerate its growth in the enterprise market and develop new offers targeted at mid-sized companies.

Job description

Your Role :

You will participate and lead cyber risk quantification projects and assist our clients with making decisions on how best to protect their digital assets and communicate cyber risk exposure. Successful candidates will be interested in cyber risk from a threat, vulnerability, and controls perceptive and will also be interested in understanding and modelling the business drivers of financial loss resulting from cyber incidents.

This role also involves providing input to future internal C-Risk product management and ongoing development of our knowledge base of cyber risk scenario and associated data points.

As part of the role, you will perform the following activities :

Cyber Risk Quantification (CRQ) consulting and managed service solutions

• Scoping projects
• Gather information about the clients organization
• Analysis of project objectives
• Development of the project plan and project governance
• Identification of clients value chains and critical digital assets in order to understand the business metrics and how the company generates value.
• Measure of client cyber security controls maturity and capability
• Development and analysis of risk scenarios
• Quantification of risk scenario exposure in financial terms
• Identification of programs of work to reduce financial risk exposure.
• Production of deliverables and presentation of the results to our customers.
• Usage and support of quantification and other security governance Software platforms (onboarding, configuration, running scenarios etc..)
• Participating in sales activities with potential clients.

Cyber Security Governance consulting services

• Policy creation and customization
• Governance model customization
• Definition of KPI’s and development of ongoing oversight
• Process definition in partnership with the client
• Selection of tools to automate process
• Project scoping and management
• Development and facilitation of workshops
• Transition of process into customer environment
• Creation of program plans, budgets, and roadmaps

A secondary objective of this role is participation in the development of C-Risk solutions.

Research and creation of CRQ original content

• Identifying and analyzing data sources concerning cyber incident frequency and financial loss and control effectiveness.
• Contributing to the C-Risk intellectual property related to cyber risk scenarios.
• Contributing to the creation and the improvement of C-Risk's training content.

Definition and implementation of C-Risk development projects

• Training: Between client assignments, you will receive ongoing training in risk quantification and information security governance.
• On arrival, you will receive training in the FAIR methodology and preparation for OPEN FAIR certification.
• We provide support for our team members who wish to achieve industry standard certifications such as CISSP, CISM, CRISC, etc..
• Take part in the definition of the company's roadmap and in the implementation of development projects (new offers, process improvement, capitalisation on completed assignments, recruitment, etc.)
• Take part in the creation and the improvement of C-Risk's training content and of the content that will contribute to the recognition of the company’s expertise.

Your team

You will collaborate on a daily basis with the founders of C-Risk and our team of experienced consultants who are passionate about improving the way in which cyber security governance is managed.

What we are looking for

You have a perfect command of English, both written and spoken, to discuss with the clients about their issues and to produce the appropriate deliverables.

• You have extensive knowledge of cybersecurity controls (and associated frameworks) and a general IT culture, which makes you able to understand cybersecurity issues.
• You have approximately 5 years of experience in direct collaboration with client IT or business functions, which has made you develop a business vision and a consultative stance.
• You are open-minded and curious enough to follow the evolution of cuttingedge technologies, you continuously hone your skills and sharpen your business sense.
• You can travel to meet clients across Europe to carry out workshops.

What we have to offer you

• A rewarding and challenging activity: by working with business leaders to protect them from ever-changing threats, you will have to carry out assignments in the emerging field of risk management and cyber security.
• An input on strategic decisions: Christophe and Tom are keen on involving the whole team in the decision-making process and they consider having different perspectives is a strength as it challenges the strategy.
• The development of your expertise: it is a key aspect to continue the quality of our support. You will be trained on arrival and then take the Open FAIR certification. You will benefit from the synergy of team assignments, the sharing of best practices and the capitalisation on CRQ subscriptions.
• A balance between your professional and personal life: you can work from wherever you want. We take care of buying you remote work equipment if you are not properly equipped (large screen, comfortable office chair) and we can also pay for a coworking space subscription.