Crédit Agricole Group
Summary
CACIB is seeking a highly motivated and detail-oriented Associate, Cyber Risk Management to join our growing cybersecurity and risk team. This role will play a central part in conducting internal cyber security reviews, including enterprise control, application-level, and maturity assessments. The ideal candidate will have hands-on experience performing cyber risk assessments and strong foundational knowledge of cybersecurity controls and frameworks.
Key Responsibilities
Plan, conduct, and document cyber risk assessments for internal applications, infrastructure, and networks
Perform control testing on cybersecurity and technology-related controls to assess their design and effectiveness
Assess risk in alignment with control standards and business context, and evaluate control effectiveness using established frameworks such as NYDFS 500, NIST CSF, ISO27001, FFIEC, and CRI
Collaborate with internal stakeholders, including application owners, IT, and procurement, to gather risk-related information, validate controls, and communicate results
Contribute to the ongoing development of cybersecurity policies, control requirements, and risk assessment procedures
Map and maintain controls to industry frameworks, and assist in interpreting requirements for new systems, vendors, or processes
Support efforts to improve the maturity and efficiency of the cyber risk assessment process, including process optimization and integration with the Enterprise Risk Management Framework
Additional Responsibilities
Coordinate issue management and remediation, ensuring timely resolution of identified security risks and issues
Participate in internal readiness reviews and external audits as needed by providing evidence and control documentation
Perform quality assurance checks on risk assessments and documented control gaps
Support cybersecurity training and awareness initiatives to promote best practices across the organization
Help identify opportunities to streamline assessment workflows and improve consistency across risk domains
Required Qualifications
2-5 years of experience in cyber risk management, IT risk, cybersecurity, or a related discipline
Familiarity with risk assessment frameworks (e.g., NIST RMF, FAIR)
Familiarity with cybersecurity principles, tools, and control frameworks (e.g., NIST CSF, CRI, CIS Controls)
Salary Range $110k-$135k