Cybersecurity Risk Analyst (M/F/D) [X851]

Your Tasks

Key Responsibilities

1. Security Risk Exceptions Management
   Log and track proposed security risk exceptions in the risk management tool.
   Gather and validate all necessary information from requestors, ensuring completeness and accuracy of required fields.
   Engage and communicate with Team Leads within both the business and Cybersecurity teams.
   Proactively follow up with requestors as due dates for risk exceptions approach.
   Create and deliver monthly exception reports and ad-hoc reports as required.
   Convert overdue security risk exceptions into documented risks and escalate them to relevant stakeholders.
2. Risk Assessments
   Document and register proposed risks in the Cyber Risk Register.
   Gather and analyze data from various stakeholders to assess the impact and likelihood of identified risks.
   Develop and document risk mitigation strategies, capturing stakeholder input and potential solutions.
   Prepare and present detailed risk presentations using the MMS risk template.
   Communicate assessment findings with Risk Owners and coordinate next steps.
   Escalate significant risk acceptance proposals to Vice Presidents and the Chief Information Security Officer (CISO) for review and approval.
   Produce and deliver monthly risk assessment reports to the CISO, including ad-hoc reports as necessary.
   Track and follow up with risk requestors as due dates approach.
3. Security Controls Testing
   Engage in security maturity and Controls testing processes.
   Organize interviews with control owners and document results.
   Collect and review the evidence provided by the control owners.
   Identify and assign the correct maturity level for each control.
   Deliver report of the results.
4. KPI Management
   Coordinate with KPI owners to gather monthly Key Performance Indicator (KPI) data.
   Update the KPI Register with newly collected data and ensure the accuracy of the records.
   Identify and highlight KPIs that show concerning trends or are blocked.
   Create and distribute monthly KPI reports to stakeholders, emphasizing key areas that require management attention.
5. Third-Party Risk Management (TPRM)
   Collaborate with the procurement team and other internal stakeholders to ensure that all vendors meeting TPRM criteria are reviewed and assessed accordingly.
   Prepare and distribute weekly and monthly TPRM reports, summarizing completed assessments and identified risks.
   Track and follow up on identified risks with vendors and internal teams to ensure timely resolution.
6. Reporting and Communication
   Develop, produce, and deliver regular reports to various stakeholders, including the CISO and executive leadership, summarizing risk trends, KPIs, and third-party risks.
   Support the Risk Management team in creating ad-hoc reports and presentations as requested.
   Ensure clear and concise communication of risk exceptions, risks, and recommendations.
   Maintain strong working relationships with individuals and groups involved in managing cybersecurity risks across the organization.

Your Profile

Education, Training and Previous Experience
Candidates will be evaluated primarily on their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:
- Bachelor's degree in information security, Risk Management, Business Administration, or a related field. A combination of relevant education and experience may be considered.
- 2-5 years of experience in cybersecurity, risk management, or a related field.

Desired but not mandatory Certifications:
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)

Business and Technical Experience
Understanding risk assessment methodologies to identify, evaluate, and prioritize cyber risks based on likelihood and impact.
Understanding of relevant industry regulations and data privacy laws that impact cybersecurity practices.
Strong understanding of or experience with at least one security framework - ISO 27001, NIST CSF or similar – is mandatory. Experience with multiple frameworks will be an advantage.
Ability to communicate complex technical concepts to both technical and non-technical audiences and collaborate effectively with IT teams and stakeholders.
Experience with risk management tools (e.g., OneTrust, ServiceNow, or similar GRC platforms) is preferred.
Proficiency in creating detailed reports and presentations using Microsoft Excel and PowerPoint.
Excellent verbal and written communication skills, with the ability to engage and influence stakeholders at various levels.
Strong analytical skills and attention to detail.

Knowledge and Skills
Ability to identify and assess the severity and potential impact of risks based on a variety of security assessment data sources.
Ability to effectively communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
An ability to apply original and innovative thinking to produce new ideas.
An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
An ability to effectively influence others to modify their opinions, plans or behaviors.
Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
Strong problem-solving and troubleshooting skills.
Working knowledge of applicable privacy and cybersecurity regulations.
An ability to work on several tasks simultaneously. Ability to work both independently and collaboratively within a team.
Experience with third-party risk management and vendor assessments is a plus.

About Us

MediaMarktSaturn Technology is working to make Europe’s number-one consumer electronics retailer the technology leader in its industry. To this end, several hundred developers, UX designers and system architects using state-of-the-art technology work hand in hand with business owners in agile teams to develop customer-focused technology solutions for more than 6 million customers every day in 13 countries.

Within the Global Technology division, you are part of a strong cross-functional team of software engineers, data scientists and analytics experts to drive the development of our global product data management. Within the team and in close collaboration with the business product owner, you will design and develop data and analytics solutions on our cloud-based technology platform to support our business in product data management.

The Technology Hub located in Barcelona, is one of the service units of MediaMarktSaturn Technology to deliver adequate staffing and engineering skills for the agreed deliveries of the global deployment plan for the entire group.

The Cybersecurity Risk Analyst will play a critical role in supporting the organization’s cybersecurity risk management program. This position will be responsible for identifying, documenting, assessing, and reporting on security risks across the enterprise. The role includes managing risk exceptions, conducting risk assessments, and ensuring that third-party vendors comply with the organization's risk management policies. The ideal candidate will be detail-oriented and able to communicate effectively with stakeholders across the business, cyber security, and other teams. The ideal candidate will be willing to learn and improve while striving for the best performance outcome.

Additional Benefits

1. Young environment, where not everything is written in stone, and where you are expected to contribute and co-create the culture of the Tech Hub and international collaboration model.
2. You'll have a 10% discount on the entire MediaMarkt website, so you can treat yourself at a lower price whenever you want!
3. On top of your compensation package, you can request Flexible Pay “MediaFlex program” (a.e. Ticket Restaurant, Private Health Insurance with SegurCaixa Adeslas, ...).
4. Flexible working time and possibility to combine home office / presential working. Intensive workday every Friday and during summer.
5. The possibility to choose between 2 offices: The first one is the MediaMarkt Iberia HQ with a very attractive menu at a price. You'll eat for less than 4! And the second office is located at Pier01, in Barceloneta, right in the center of Barcelona. Free coffee and free fruit once a week.
6. If you need a VISA, don't worry, we'll assist you with the visa process and accompany you throughout the entire process!
7. There is a training budget so you can continue developing the skills you need most to keep growing professionally and personally!
8. We offer language classes: English, Spanish, and German.
9. On your birthday, you won't work! It's a day for you to enjoy without thinking about work.
10. You'll be working with the most cutting-edge technological stack of the moment.

Job Infos

Location: Barcelona, El Prat De Llobregat
Department: HQ - IT
Entry level: Professional Level
Type of Employment: Full Time
Working Hours: 40
Persona: Job Requisition Tech Employee
Recruiter: Joaquin Pardo