Why work with us?

  • C-Risk is a European leader in using cyber risk financial quantification (CRQ) to improve information security governance. We help organizations understand and measure cyber risk in financial terms and make informed decisions on how to increase their cyber resilience.

  • We are looking for unassuming personalities with a passion for excellence and for delivering what is best for our customers. If you feel that way too, please check out our openings or drop us a note and let's get to know each other.

Cyber Security and Risk Management Consultant

Full-time - Paris La Défense

C-Risk is a start-up and a European leader in consulting, managed services and training on the financial quantification of cyber risk (CRQ). We help organizations understand and measure cyber risk in financial terms to improve information security governance and increase their cyber resilience.

Cyber Risk Quantification is rapidly becoming an essential tool to improve decision making regarding security controls investment. Joining the C-Risk team is an opportunity to work in an organisation which is passionate about CRQ and which aims to become the European leader in this exciting new domain.

Our team is international and multi-cultural. We appreciate people who are curious, attentive and highly autonomous, and who can adapt to a rapid-growth environment.


We are looking for an experienced cyber security and risk management consultant to lead cyber risk quantification projects across the European region.

You are fluent in English and your role will be to ensure that projects are completed on time, on budget and achieve their objectives.

Our services focus on:

  • Measuring cyber security posture,

  • Assessing the level of compliance with standards and control frameworks such as ISO27001, NIST, GDPR, and PCI-DSS,

  • Quantifying risks in financial terms using the FAIR framework,

  • Providing a roadmap to increase cyber resilience using the output of CRQ analysis and control posture.


Your Role:
Pre-Sales Activities:

  • Presentation of C-Risk solutions in the areas of scoring and quantification of cyber risks and using this data to improve the governance of information security.

  • Discovery of customer needs and pain points.

  • Design, documentation, and presentation of consulting offers.

Project management services:

  • Project scoping

  • Coordination of consultant activities

  • Project reporting

  • Contribution to the interpretation and presentation of results to an executive audience.

Cyber Risk Quantification:

  • Using the FAIR framework:

    • Scoping of risk scenarios

    • Collection & estimation of security controls and event data

    • Collection & estimation of financial impact data

    • Analysis & interpretation

    • Decision making using the CRQ output.

  • Using CRQ software platforms (configuration, running scenarios, etc.)

  • Tailoring and presenting results to the customer including interaction with executive level stakeholders.

  • Using and contributing to the C-Risk knowledge library of cyber risk scenarios.

We will provide extensive training on the FAIR CRQ framework and the corresponding software platforms which we use to deliver our services.

Required skills

  • University degree, ideally with a specialisation in computer science, business, economics and/or IT security.

  • You have 10 years of experience, including 5 as a consultant in IT security and/or cyber risk management.

  • You will be comfortable working with both cyber security controls and measurement of the financial impact of incidents.

    • Information security governance

    • Cyber security maturity and controls standards such as CIS, NIST, ISO27001, CVSS, etc.

    • Risk management concepts and standards such as ISO 31000, 2700X, FAIR, EBIOS or equivalent.

    • High-level understanding of GDPR and associated data privacy controls.

    • Comfortable working with the financial measurement of security incidents. You will enjoy building and using Excel models.

    • Comfortable collecting defendable data to measure scenarios.


Ideally, you have an information security certification such as CISSP, CRISC, CISM, or CISA. This is not mandatory, but you must have the motivation to obtain the CISSP certification with our assistance.  


You have a critical and analytical mind allowing you to quickly understand customer issues and to produce quality deliverables.

An excellent verbal and written communicator, you are bilingual in French and English and you have the excellent interpersonal skills required to develop a trusted advisor relationship with our clients. You will have worked for at least 2 years in an English-speaking environment. We will consider certain candidates who do not speak fluent French but are native English speakers.



Wojo - Cœur Défense - Tour A

110 esplanade du Général de Gaulle

92931 Paris La Défense




+33 (0)1 84 207 005
