Role Description As the Cybersecurity Compliance Analyst, you’ll be part of our Cyber Security team working as a remote employee. You’ll get to: - Ensure all organizational websites comply with relevant cookie regulations (e.g., GDPR, CCPA). - Oversee the deployment and management of effective cookie consent mechanisms. - Perform regular audits of website cookie usage to identify compliance gaps. - Maintain accurate records of cookie policies, user consents, and compliance activities. - Document audit findings and recommend corrective actions for cookie compliance issues. - Track and log all cookie-related compliance issues, ensuring timely resolution and escalation of critical risks. - Collaborate with legal, IT, and marketing teams to update cookie policies as regulations change. - Prepare and provide necessary documentation for internal and external audits related to cookie compliance. - Respond promptly to auditor inquiries regarding cookie usage and consent mechanisms. - Report on cookie compliance activities and issue trends to inform process improvements. Qualifications - English language on fluent level. - Proven experience in cybersecurity, compliance, or data privacy roles. - Experience with consent management platforms and website compliance tools. - Experience with compliance management, issue management and audit processes. - Excellent analytical, organizational, and project management skills. Benefits - Subsidy for a Multisport card or points on the MyBenefit platform. - Private medical care (Luxmed). - Life insurance (Generali). - Private pension program PPE (Goldman Sachs).

Role Description Estamos buscando um Analista Sênior de IAM experiente para se juntar à nossa equipe de cibersegurança. Este profissional será responsável por criar processos, configurar ferramentas e aprimorar os assuntos de IAM de forma global. O profissional trabalhará em estreita colaboração com outras frentes de segurança, infraestrutura, sistemas e equipes de negócios, avaliando as melhorias e implementações necessárias para a eficácia do Programa de IAM. Responsibilities - Desenvolver, implementar e manter processos de gestão de identidades e acessos, incluindo provisionamento, revogação e revisão periódica de privilégios; - Administrar e implementar ferramentas relacionadas à IAM garantindo funcionamento, confiabilidade e atendendo aos requisitos de segurança; - Criar, revisar e otimizar regras, perfis, grupos e políticas de acesso, assegurando a aplicação de princípio de privilégio mínimo e SoD (Segregação de Funções), para ambientes on prem e cloud; - Definir estratégia para integração de sistemas e aplicações às plataformas de IAM; - Colaborar com outros times para mapear processos de acesso, identificar riscos e sugerir implementações ou automações de controles; - Apoiar times internos na compreensão das práticas de gestão de identidades, acessos e requisitos de segurança relacionados; - Suportar processos de auditorias. Qualifications - Experiência de ao menos 5 anos atuando diretamente com temas ligados à IAM; - Formação Superior em Tecnologia da Informação/Segurança da Informação; - Conhecimento avançado em temas como AD/Entra ID, LDAP, SAML, OAuth, SSO, MFA, PAM, SoD, RBAC, princípio de menor privilégio e revisão de acessos; - Administração ou vivência em projetos de implementação de ferramentas de IDM (Identity Manager); - Conhecimento em Microsoft Defender for Identity, e demais ferramentas de IAM para ambientes híbridos e multicloud (On Prem, Azure, AWS, GCP); - Fluência em inglês; - Conhecimento em normas e boas práticas de segurança da informação (ex: ISO 27001, NIST, etc). Requirements - Certificações relevantes de fabricantes de soluções para IAM/PAM, exemplo: (CyberArk, Senha Segura, BeyondTrust, SailPoint, Okta, Microsoft EntraID, etc). Benefits - Equality of opportunity for everyone is our highest priority; - Support for colleagues to work in a way that supports their health and wellbeing; - Flexible approach to ensure everybody feels included and accepted; - Dedicated to creating an inclusive culture and valuing diversity.

Role Description Vos missions : - Identifier et cartographier les actifs informationnels sensibles - Construire les référentiels et mettre en place les outils adaptés à la Protection du Patrimoine informationnel (PPI) - Anticiper les technologies émergentes et technologies de rupture (TE/TR) - Créer, suivre et analyser les indicateurs d’activité de la PPI afin d’identifier des d’amélioration - Accompagner les équipes dans les processus de classification et d'intégration de la sécurité dans les projets - Accompagner les métiers de la cybersécurité dans le respect des cadres réglementaires en vigueur (RGPD, NIS 2 et autres) - Assurer le rôle d'interface entre la Direction Juridique (notamment le DPO) et les équipes opérationnelles cybersécurité - Contribuer à la mise en place de la gouvernance des données en collaboration avec la direction SI « Data » - Sensibiliser les métiers et les équipes cybersécurité aux réglementations relatives aux données - Effectuer une veille réglementaire internationale, européenne et nationale - Etudier de nouvelles mesures de défense en lien avec la protection des données Environnement de travail et solution - application numérique mobilisée : - Suite O365 Qualifications - Bac+2/Bac+3 PPI - Filières visées : gouvernance en cybersécurité / systèmes numériques et sécurité / jumeau numérique. Requirements - Droit numérique - Protection logique - Protection organisationnelle Soft Skills - Optimiste - Patient - Savoir écouter - Prise de parole - Adaptabilité - Logique et pragmatique - Organisé - Confidentialité - Intelligence collective - Feedback et empathie Hard Skills - Gouvernance & processus de protection des données sensibles Benefits - Suez préserve l’équilibre entre vie professionnelle et privée - Ce poste est ouvert au télétravail

We do Consulting Differently Job Summary BRG is seeking a Cybersecurity Analyst to support cybersecurity monitoring, investigation, and response activities across Microsoft 365, cloud services, and identity platforms. The role focuses on security event triage, incident support, remediation coordination, and validation of security controls aligned to BRG standards (least privilege, secure configuration baselines, and audit-ready documentation). The position requires prior cybersecurity experience and the ability to operate both independently and within a structured team environment. Reporting Relationships Reports to: Senior IT Manager – Cybersecurity Key Contacts - Cybersecurity Engineering and Cybersecurity Operations teams - Infrastructure, System Administration, and Network teams - Risk & Compliance (as needed for control evidence and audit support) Major Responsibilities / Job Functions - Monitor and triage security alerts and events across Microsoft security platforms and related tooling, documenting findings, severities, and recommended actions in accordance with established procedures. - Conduct initial investigation and evidence collection for security incidents involving identity compromise, endpoint threats, suspicious email activity, and cloud security findings; escalate complex or high-severity cases to senior staff. - Coordinate and track remediation efforts for security findings (vulnerabilities, misconfigurations, risky sign-ins), including verification, closure documentation, and status reporting. - Support identity and access security processes, including privileged access workflows, access reviews, and enforcement/validation of baseline identity controls aligned to least-privilege standards and approval requirements. - Support user and access management activities within a tiered Active Directory security model, including adherence to administrative tiering, privileged account separation, and controlled role assignment practices across Active Directory and Entra ID. - Assist with routine security control validation across Microsoft 365 and cloud services, including posture checks, policy effectiveness verification, and operational reporting. - Maintain and improve operational documentation (runbooks, SOPs, knowledge articles) based on recurring work, trend analysis, and lessons learned. - Participate in scheduled maintenance windows and security validation activities as needed. Knowledge, Skills, and Behaviors - Demonstrated cybersecurity fundamentals and practical experience triaging alerts, validating suspicious activity, and documenting incident findings. - Working knowledge of identity security concepts and telemetry, including Entra ID/Azure AD sign-in activity, risky users/sign-ins, roles/groups, MFA, and conditional access principles. - Strong background in Active Directory, Entra ID (Azure AD), and enterprise user lifecycle/access management, including provisioning/deprovisioning, group-based access, privileged account handling, and access governance practices in a tiered AD environment. - Familiarity with Microsoft security tooling and workflows (Microsoft Defender and/or Microsoft Sentinel), including log review and evidence collection; KQL familiarity is preferred. - Hands-on familiarity with vulnerability and security monitoring platforms, including Tenable/Nessus (including Tenable.io), Netwrix, and Zscaler, with the ability to interpret findings and support remediation tracking. - Understanding of endpoint and server security concepts on Windows platforms, including common attack patterns, persistence indicators, and response actions. - Strong written and verbal communication skills with the ability to document technical information clearly for both technical and non-technical audiences. - Strong organizational skills with the ability to manage multiple priorities and maintain attention to detail in a regulated enterprise environment. - Familiarity with PowerShell or automation concepts is preferred; ability to use existing scripts and procedures safely is valued. Education and Experience - Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field; equivalent practical experience considered. - Minimum of two (2) years of hands-on cybersecurity experience in security monitoring, incident response support, threat triage, or a related security-focused role. - Relevant certifications are a plus (not required), such as Security+, SC-200, AZ-500, or equivalent. Other Requirements - Ability to travel occasionally for key meetings or collaboration sessions, as needed. - Availability to participate in periodic after-hours incident support in rotation, as applicable. Salary Range: $90,000-$120,000 Candidate must be able to submit verification of his/her legal right to work in the U.S., without company sponsorship. About BRG BRG combines world-leading academic credentials with world-tested business expertise and purpose-built emerging technologies. Our culture centers on agility and connectivity which sets us apart and gets you ahead. At BRG, our professionals include specialist consultants, industry experts, renowned academics, and leading-edge data scientists. Together, they bring a diversity of real-world experience, data, and human and artificial intelligence, to economics, disputes, and investigations; corporate finance; and performance improvement services that address the most complex challenges facing organizations across the globe. Our unique structure nurtures the interdisciplinary relationships that give us the edge, laying the groundwork for more informed insights and more original, incisive thinking. When paired with our global reach and resources, our diverse perspectives and technical capabilities make us uniquely capable to address our clients’ challenges. We get results because we know how to apply our thinking to your world. At BRG, we don’t just show you what’s possible. We’re built to help you make it happen. BRG is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran status, ancestry, sexual orientation, marital status, family structure, medical condition including genetic characteristics or information, veteran status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law.