Cyber Security and Risk Management Consultant

Full-time - Anywhere in Europe

Why work at C-Risk?

C-Risk provides solutions to measure, quantify and manage cyber risk. We help organisations to measure and understand cyber risk in business terms, to improve their security governance and increase their cyber resilience.

Cyber Risk Quantification (CRQ) is rapidly becoming an essential tool to improve decision making regarding security controls investment. Joining the C-Risk team is an opportunity to work in an organisation which is passionate about CRQ and aims to become the European leader in this exciting new domain.

Our team is international and multi-cultural. We appreciate people who are curious, attentive, highly autonomous and can adapt to a rapidly growing environment.

Our services focus on

  • Measuring cyber security posture using automated tools such as cyber rating platforms
  • Assessing the level of compliance with standards, regulations and control frameworks such as ISO27001, NIST, GDPR, and PCI-DSS
  • Quantifying risks in financial terms using the FAIR framework
  • Providing a roadmap to increase cyber resilience using the output of a CRQ analysis and a control assessment
  • We assess both our clients own risk posture and that of their 3rd parties.

You wantto join us ?

Job Description

We are looking for a cyber security and risk management consultant to contribute to cyber risk assessments and quantification projects across the European region.

Your role

It will include supporting various types of consulting services

  • Risk assessments, security scoring reports and compliance reviews
  • Assist in the development of customer presentations
  • Participate in project scoping and reporting Produce deliverables and present results to customer.
  • Using scoring and quantification Software platforms (onboarding, configuration, running scenarios etc..)

We will provide extensive training on the FAIR CRQ framework and the corresponding software platforms which we use to deliver our services.

Education, experience and Skills

  • University Degree ideally with a specialisation in computer science, business, economics and/or IT Security.
  • You have 1 to 3 years of experience, with a keen interest in becoming consultant in IT security and / or cyber risk management.
  • You are comfortable working with both cyber security controls and measurement of the financial impact of incidents. In other words you are interested in both controls (technical or business process) and the business impact of cyber security.

Desirable Skills :

  • Exposure to Risk management concepts and standards such as ISO 31000, 2700X, FAIR, EBIOS or equivalent
  • Exposure to GDPR and associated data Privacy controls
  • Ability to quickly learn and understand terminology and processes specific to cyber risk management
  • Comfortable with financial models and basic statistics. You can build and maintain excel models of a medium level of complexity
  • You have strong written and visual communications skills. You are capable of understanding a complex scenario, documenting it in detail and also providing a concise summary. You enjoy creating visual documents using tools such as PowerPoint.

You are motivated to obtain an information security certification such as CISSP, CRISC, CISM, or CISA.

You are self-driven and work well with minimum supervision. You have a critical and analytic mind allowing you to quickly understand customer issues and to produce quality deliverables.

Excellent verbal and written communicator, you are bilingual French / English and you have excellent interpersonal skills. You will have studied or worked for at least 2 years in an English-speaking environment. We will consider certain candidates who do not speak fluent French but are native English speakers.

You can be based anywhere in Europe, but must be willing to travel when necessary.

To apply, please send us your resume at: