Job Opening

Cyber Security and Risk Management Consultant

Full-time - Anywhere in Europe

Why work at C-Risk?


C-Risk was created in 2016 following the observation that discussions around information security and cyber risks were difficult between business and IT experts.

We provide our clients with a business vision and a financial assessment of cyber risks, which enables company managers to make information security decisions while meeting the challenges of their company.

Our expertise in quantifying cyber risks is based on the FAIR™ standard. In 2017, C-Risk’s founders created the European branch of the FAIR™ Institute to promote the standard as well as its methodology.

At C-Risk, we support our client’s cyber risk management through solutions based on cyber risk quantification (CRQ) such as:

  • A one-off service (definition of main risk scenarios, financial impact, and controls that help reduce those risks)
  • An annual subscription (managed services to define risk scenarios and optimise risk management).
  • A FAIR™️ method training course to support the implementation of a programme of financial quantification of cyber risks.

The context of this recruitment opportunity

The positive market response that C-Risk has met is leading the company to strong growth. We are opening 2 cybersecurity and risk management consultant positions in order to continue the growth of the company and develop new projects.

We are more specifically working on a new offer to make the subscription accessible to as many companies as possible while taking their level of cyber risk management maturity into consideration.

You wantto join us ?

Job Description


We are looking for a cyber security and risk management consultant to contribute to cyber risk assessments and quantification projects across the European region.

Your role

Your role is to participate and lead cyber risk quantification projects and assist our clients with making decisions on how best to project their digital assets and communicate cyber risk exposure. Successful candidates will be interested in cyber risk from a threat, vulnerability, and controls perceptive and will also be interested in understanding and modelling the business drivers of financial loss resulting from cyber incidents.

This role also involves providing input to future internal C-Risk product management and ongoing development of our knowledge base of cyber risk scenario and associated data points.

This role involves performing the following activities in support of our Cyber Risk Quantification (CRQ) consulting and managed service solutions:

  • Scoping projects
  • Gather information about the clients organisation
  • Analysis of project objectives
  • Development of the project plan and project governance
  • Identification of clients value chain and critical digital assets assets in order to understand the business metrics and how the company generates value.
  • Measure of client cyber security controls maturity and capability
  • Development and analysis of risk scenarios
  • Quantification of risk scenario exposure in financial terms
  • Identification of programs of work to reduce financial risk exposure.
  • Production of deliverables and presentation of the results to our customers.
  • Usage and support of quantification and other security governance Software platforms (onboarding, configuration, running scenarios etc..)
  • Participating in sales activities with potential clients.

This role also involves performing the following activities in support of our Cyber Security Governance consulting services:

  • Policy creation and customization
  • Governance model customization
  • Definition of KPI’s and development of ongoing oversight
  • Process definition in partnership with the client
  • Selection of tools to automate process
  • Project scoping and management
  • Development and facilitation of workshops
  • Transition of process into customer environment
  • Creation of program plans, budgets, and roadmaps

A secondary objective of this role is participation in the development of C-Risk solutions.

This aspect of the job involves performing research and creation of original content in the domain of cyber risk quantification.

  • Identifying and analyzing data sources concerning cyber incident frequency and financial loss and control effectiveness.
  • Contributing to the C-Risk intellectual property related to cyber risk scenarios.
  • Contributing to the creation and the improvement of C-Risk's training content.

Training and Development:

Between client assignments, you will receive ongoing training in risk quantification and information security governance.

On arrival, you will receive training in the FAIR methodology and preparation for OPEN FAIR certification.

We provide support for our team members who wish to achieve industry standard certifications such as CISSP, CISM, CRISC, etc..

Our team : 

You will collaborate on a daily basis with the founders of C-Risk and our team of experienced consultants who are passionate about improving the way in which cyber security governance is managed. You will also work a diverse group of clients in different industries and countries.

Location and Travel:

This role is remote. C-Risk is headquartered in Paris, France and has a subsidiary in Ireland. We work remotely and provide employees with a professional co-working environment close to their home.

The majority of our customer engagements are performed remotely however there is an occasional requirement to travel in Europe to meet customers, business partners and of course team members.

What we are looking for : 

  • Your English is fluent and you are completely at ease working in English with clients and the C-Risk team. You will be required to present to customers and run workshops in English.
  • You have extensive knowledge of cybersecurity threats, vulnerabilities and controls (and associated frameworks) and a strong general IT culture
  • You have a minimum of 5 years of professional experience in a role involving interaction with information security and risk, IT or business functions.
  • You have developed an understanding and interest in how business and organisations function. For example business models, business metrics such as revenue, income etc..
  • You are motivated by the idea of working on customer assignments and acting in the role of trusted advisor and consultant.
  • You are open-minded and are curious and passionate about all aspects of information security.

What we have to offer you: 

  • Rewarding and challenging work. You will interact with senior business leaders and information security professionals in order to protect them from ever evolving threat landscape.
  • Input on strategic decisions: Christophe and Tom are keen on involving the whole team in the decision making process and they consider having different perspectives is an important strength.
  • Training and Development: You will be trained on arrival and then take the Open FAIR certification. We provide support for our team members who wish to achieve industry standard certifications such as CISSP, CISM, CRISC, etc..
  • Work Life Balance is part of our core values. You can work from the location of your choice. We provide remote working equipment if required (large screen, comfortable office chair) and we can also pay for a coworking space subscription. You may adapt your working hours if you wish.

Recruitment process

You will have an initial interview with Emeline, hiring consultant.

Then you will talk with Lydie and C-Risk’s co-founders: Christophe and Tom.

The objective will be to discuss our shared values, and review the work you performed in your past professional experiences to validate that it meets the level quality and expertise we expect and we advertise to our clients.

To apply, send us your resume here