Risk Officer for Shadow IT Porto

Overview

Join to apply for the Risk Officer for Shadow IT role at CGI. Shadow IT (i. e. , IT assets and solutions implemented outside official IT governance) represents a significant risk for organizations, particularly in highly regulated environments. The role of the IT Risk Officer for Shadow IT is to ensure these risks are properly managed, contributing to the Governance, Risk, and Compliance (GRC) frameworks. The position involves managing a global inventory of Shadow IT usage and associated IT risks, liaising with business teams to identify new or evolving Shadow IT situations, validating data completeness and consistency, and coordinating assessments and validations. The role also includes monitoring KPIs and KRIs and reporting on these risks to senior management.

Responsibilities

• Management of the Risk Register: regularly update IT risk criteria (risk category, owner, impact, etc. ).
• Initiate and support the annual review of all IT risks in the Risk Register.
• Support Risk Assessment: organize assessments/analyses of identified IT risks with relevant stakeholders (impact, mitigation, etc. ).
• Coordinate validation of IT risk assessments.
• Ensure compliance with the organization’s risk management processes.
• Collect and challenge new risk cards with stakeholders (including proposed mitigations).
• Reporting: gather feedback regarding formalization of risk cards and ongoing mitigation measures from risk owners; monitor KPIs defined in risk cards (mitigation, impact, etc. ); prepare risk and risk mitigation reports for senior management and raise alerts when necessary.
• Participate in Risk Committee meetings to share inputs about risks (content of the Risk Register, risk levels, impact, etc. ).

Qualifications

• Technical Competencies (Hard Skills): Proven experience with IT Risk Management Methodologies, covering risk monitoring (identify, alert, and suggest remediation), risk analysis (anticipate/analyze threats and create risk scenarios), risk opinion (challenge, approve, and decide on new activities/projects), general IT knowledge (processes, assets, and solutions), cybersecurity awareness (risks, frameworks, and requirements), GRC knowledge related to IT, regulatory & compliance frameworks understanding IT and cybersecurity regulatory requirements, and Shadow IT management (identifying and managing IT assets outside governance).
• Language Competencies: English – Level 4 (Mastery); French – Level 2 (Practice).
• Behavioral Competencies: Strong organizational skills; ability to collaborate effectively and work in teams;
  - making capacity; analytical ability, critical thinking, attention to detail, and rigor; high degree of autonomy.

Location and Terms

• Must be physically in Portugal, and work at the office 3/5 days a week.
• Employment type: Full-time; Seniority level: Entry level.
• Job function: Finance and Sales; Industries: IT Services and IT Consulting.

We’re inviting you to explore CGI and its culture of ownership and teamwork. You’ll have opportunities to build your career with a global company and become part of CGI Partners from day one.