Risk Officer for Shadow IT
Porto (Porto)
Job description
Position Description:
Shadow IT (i.e., IT assets and solutions implemented outside official IT governance) represents a significant risk for any organization, particularly in highly regulated environments.
The role of the IT Risk Officer for Shadow IT is to ensure these risks are properly managed, contributing to the overall Governance, Risk, and Compliance (GRC) frameworks.
The position involves managing a global inventory of Shadow IT usage and associated IT risks. The Risk Officer will liaise with business teams to identify new or evolving Shadow IT situations, validate data completeness and consistency, and coordinate assessments and validations. Additionally, the role includes monitoring KPIs and KRIs and reporting on these risks to senior management.
Your future duties and responsibilities:
Management of the Risk Register
Regularly update IT risk criteria (risk category, owner, impact, etc.).
Initiate and support the annual review of all IT risks in the Risk Register.
Support Risk Assessment
Organize assessments/analyses of identified IT risks with relevant stakeholders (impact, mitigation, etc.).
Coordinate validation of IT risk assessments.
Ensure compliance with the organization’s risk management processes.
Collect and challenge new risk cards with stakeholders (including proposed mitigations).
Reporting
Gather feedback regarding formalization of risk cards and ongoing mitigation measures from risk owners.
Monitor KPIs defined in risk cards (mitigation, impact, etc.).
Prepare risk and risk mitigation reports for senior management and raise alerts when necessary.
Participate in Risk Committee meetings to share inputs about risks (content of the Risk Register, risk levels, impact, etc.).
Required qualifications to be successful in this role:
Technical Competencies (Hard Skills)
Proven experience with IT Risk Management Methodologies, covering:
Risk monitoring: ability to identify, alert, and suggest remediation.
Risk analysis: ability to anticipate/analyze threats and create risk scenarios.
Risk opinion: ability to challenge, approve, and decide on new activities/projects.
General IT knowledge: processes, assets, and solutions.
Cybersecurity awareness: risks, frameworks, and requirements.
GRC (Governance, Risk, and Compliance) knowledge related to IT.
Regulatory & Compliance frameworks: understanding of IT and cybersecurity regulatory requirements.
Shadow IT Management: identifying and managing IT assets outside governance.
Language Competencies
English – Level 4 (Mastery)
French – Level 2 (Practice)
Behavioral Competencies (Soft Skills)
Strong organizational skills.
Ability to collaborate effectively and work in teams.
Decision-making capacity.
Analytical ability, critical thinking, attention to detail, and rigor.
High degree of autonomy.
Must be physically in Portugal and work at the office 3/5 days a week.
Skills:
· English
· French
· Asset Management
· Compliance
What you can expect from us:
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
Come join our team—one of the largest IT and business consulting services firms in the world.