Type de contrat :
Permanent Contract

Information Security Risk Analyst M/F

Modified on 10/04/2026

  • Lieu : Lisbon - Portugal
  • Secteur : Insurance
  • Numéro de l'offre : 2026-109598

Job description

• Conducting security risk analyses on IT projects and initiatives, ensuring compliance with policies, internal standards, and reference frameworks (ISO 27001, NIST, DORA, GDPR).
• Participating in the planning and design phases of solutions, assessing security impacts and proposing mitigating controls. Direct involvement with project, architecture, development, infrastructure and business representative teams to gather the information necessary for risk assessment.
• Validation of security requirements in procurement and onboarding of third parties.
• Conducting phishing simulations and awareness campaigns.
• Responding to audit requests (internal, external, supervisors) with evidence, justifications and documentation of controls applied. Technical implementation of security controls.
• Identification, monitoring and validation of vulnerability remediation actions, in coordination with other teams.
• Cybersecurity maintenance using monitoring platforms. Monitoring and investigation of cybersecurity alerts.
• Participation in incident response: root cause investigation, containment, eradication and forensics support.
• Support for the secure development cycle, penetration testing, vulnerability identification and security architecture review.
• Regular review of access control policies and user privileges.

• Monitoring action plans to ensure compliance and alignment with standards and regulations.
• Creating reports and dashboards for technical and non-technical audiences within their areas of intervention.
• Management of the SOC service.
• Acting as a liaison with other company structures on issues related to cybersecurity and IT risk.
• Liaising with the Credit Agricole group on cybersecurity and IT risk issues.
• Developing communication and awareness plans on IT risks and cybersecurity.
• Developing, implementing and maintaining the cyber and IT risk management framework in line with best practices and the group.
• Identifying, assessing and prioritising cyber and IT risks in assets, processes, systems and suppliers.
• Defining and monitoring IT risk and cybersecurity treatment plans.

Télétravail : hybrid

  • Starting date
    01/04/2026
    Position with management
    No
    Minimum level of study
    Bachelor Degree / BSc Degree or equivalent
    Training / Specialization
    Bachelor's or Master's degree in Computer Engineering, Information Security, Management or similar.
    Minimum of 4 years' experience in IT risk management or cybersecurity roles.
    Minimum experience level
    3-5 years
    Skills needed
    • Good communication skills;
    • Analytical and problem-solving skills;
    • Ability to manage time and priorities in order to achieve objectives, considering multiple deadlines and initiatives simultaneously;
    • Ability to analyse and structure information so that it can be shared and communicated to other stakeholders and teams.
    • Resilience and autonomy;
    • Organisational skills, rigour, time management and teamwork;
    IT tools
    • Solid knowledge of cybersecurity concepts, including malware, phishing, ransomware, DDoS, and intrusion techniques.
    • Familiarity with security tools and platforms such as:
      SIEM (e.g., QRadar, Azure Sentinel)
      EDR – Endpoint Detection and Response – (e.g., Microsoft Defender)
      Vulnerability scanners (e.g. Tenable.io)
      Firewalls and VPNs
      DLP – Data Loss Protection – (e.g. Microsoft Purview)
      Familiarity with scripts or programming (e.g. Python, Bash, PowerShell).
    • Knowledge of systems, network and application architecture.
    • Proficiency with network protocols and services (TCP/IP, DNS, HTTP, etc.).
    • Familiarity with cloud security knowledge (e.g. Azure AD, IAM, Conditional Access), having participated in its configuration/management.
    • Knowledge and interpretation of frameworks and regulatory standards (ISO 27001, NIST, DORA, GDPR).
    Languages
    Portuguese and English

  • Mudum Seguros is the Portuguese subsidiary of Crédit Agricole Assurances, the leading bancassurance company in Europe. With over 25 years of experience, Mudum Seguros is one of the top 5 property & casualty insurers in Portugal. We design insurance solutions for individuals, professionals and small businesses. They are distributed via the banking networks of Novo Banco and Credibom.
    The company has a team of around 75 employees, united around common values: customer focus, the pursuit of excellence, team spirit and initiative, and integrity.

    By working every day in the interest of society, we are a Group committed to diversity and inclusion and place people at the heart of all our transformations. All our job offersare open to persons with disabilities.

Crédit Agricole Assurances

Crédit Agricole Assurances

Information Security Risk Analyst M/F

Published the 03/03/2026

Type de contrat :
Permanent Contract
  • Lisbon - Portugal
  • Insurance
  • 2026-109598
Join
-us

Our benefits

Working from home

This is a working method that has existed within Crédit Agricole Assurances for many years.

Training

Numerous face-to-face and remote levers: learning from others, giving and receiving feedback, taking training courses, enhancing experience, taking on new missions, or another example, unlimited access to LinkedIn Learning's more than 10,000 digital content.

Crossovers

A wide range of support (events, workshops, guidance tools, practical information sheets, advice, etc.) and a variety of career paths within our Insurance Group and throughout the Crédit Agricole Group.

Companies

Sites in Paris, the French regions and 9 other countries: Germany, Ireland, Italy, Spain, Japan, Luxembourg, Portugal, Poland and Greece.

Banking benefits

Banking benefits for staff

These offers may interest you!