GROUP BNP PARIBAS
BNP Paribas Group is the top bank in the European Union and a major international banking establishment. It has close to 185,000 employees in 65 countries. In Spain we are more than 5,100 employees within 13 business lines.
Spain IT Production
Spain IT Production organization consists of CIB ITO & ITG IT Platforms and is responsible for providing IT Production services to our Clients in EMEA, ensuring a Digital Market evolution, in a secured and performant environment, and with a reliable quality. IT Production organization includes Infrastructure services, Telecom & Workspace, Production Security and Application Production domains and associated transversal services (CTO Office, Control Tower, PMO and IT Continuity). In Spain, IT Production relies on a Platform with over 400 experts that provide full-stack support services ensuring a secure, stable, standardized, and efficient production.
ABOUT THE JOB
MISSION
We are looking for an IT Risk & Cyber Security Analyst in charge of assessing Cyber risks on the IT production perimeter for outsourced activities as well as a contribution of Cyber expertise in support of the CISO.
RESPONSIBILITIES
The main activities and missions will be:
- In charge of CISO activities related to Third Parties Risk Management on IT production perimeter:
- Step 1 - Cyber Risk Identification & Assessment:
- Identify and assess the ICT and Cyber Security Risk of the activity in a context of an externalization.
- Initiate the overall process which includes preliminary risk identification, analysis and evaluation.
- Define / recommend activities that are adequate to the risk level to perform before the validation committee.
- Identify ICT and cyber security need.
- Step 2 – IT Risk & Cyber Security Due Diligence:
- Assess the compliance of the proposal of the service provided by the suppliers to the ICT applicable requirements for protecting BNP Paribas
- Select the most suitable supplier among the shortlisted ones.
- Step 3 – Contract Negotiation:
- Formalize the applicable conditions to the service provided and the Supplier's commitment to implement agreed Cyber Security measures.
- Proposal and validation of evolutions in the hardening rules of the security of the products used within the Group:
- Assist product owner in writing hardening rules
- Review hardening rules published previously
- Align hardening rules with other production security teams
- Coordinate the implementation of control rules
- Review and validation of the Asset Sensitivity Cards of ITGP applications
- Analyze and assess the Asset Classification from a Security perspectives
- Review the answers of Security and IT Architecture questionnaire
Add Key requirements from Group BNPP Security framework to comply with
REQUIREMENTS
Master Degree or equivalent
At least 5 years
High level of English mandatory
SKILLS
- Expertise in computer security standards and frameworks and the main IT & security risk frameworks (NIST, CIS, ISO27001, EBIOS, etc.),
- Expertise in the main types of cybersecurity incidents and how to protect against them.
- Technical expertise in IT/Cloud infrastructures, usual products and technologies
- Critical mind, good analytical and synthesis skills.
- Rigor, curiosity, autonomy, involvement, availability and taste for teamwork.
- Ability to listen and communicate to convince, adapting to one's interlocutors.
- Ability to take a step back and formalize needs, write synthesis documents and report on work.
- Animation of transversal working groups.
- Very good command of English (written/spoken).
· French speaking will be appreciated.
Ability to collaborate / Teamwork
Attention to detail / rigor
Ability to deliver / Results driven
Analytical Ability
Ability to set up relevant performance indicators
Ability to inspire others & generate people's commitment
BENEFITS
• Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
• Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
• Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
• Flexible compensation plan.
• Hybrid telecommuting model (50%).
• 31 vacation days.
Diversity and inclusion commitment
BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.
