About the job
- As part of its Target Operating Model, Wealth Management is looking for a manager to lead the Cyber Security Governance office & assist the WM EMEA IT Risk Officer (ITRO) and Chief Security Information Officer (CISO)
Your Main Activities Are
1 - Lead the Cybersecurity and IT Risks Governance Office
- Create, maintain and improve the WM IT Risk & Cyber security referential framework (policies, requirements, indicators, generic control plans, and guidelines) taking into consideration the wide variety and ever-changing technologies & requirements resulting from global laws, standards and regulations
- In full alignment with the WM CISO, ensure that security policies, practices and guidelines are well communicated in order to secure the project delivery and the security operations
Program Management Office and Steering
- Lead the WM Cybersecurity and resilience program providing expertise in Program management
- Support the program execution with group-wide guidance on Cyber Security topics (DevSecOps, Cloud security, network, cryptography, data security, endpoints, applications developments)
- Prepare and organize the IT Risk & Cyber security steering committee
- Provide a consolidated view of IT & Cyber risks via industrialized and risk-oriented reports (e.g. key risk indicators, results of generic control plans execution, findings and recommendations)
Cybersecurity Awareness and Security incident Management
- Coordinate responses to Cyber incidents and crises, and coordinate the development and implementation of incident response plans and procedures
- Create and manage a targeted IT Risk & Cyber security awareness training program in coordination with Regional or Local IT Risk and/or Chief Security Officers (CISO / ITRO)
Third-Party Technology Risk Management (TPTRM)
- Maintain a structured framework for the TPTRM aligned with the Group requirements
- Ensure that IT risk requirements are included in contracts by liaising with the Contract Management team
- Drive the external third-parties engagement supporting strategic project development reviews, pen testing, red teaming exercises
2 - Assist the WM EMEA ITRO/CISO on the IT Risk Management
- Assist the WM EMEA ITRO/CISO to animate the WM IT & Cyber security Risk Filière
- Coordinate the answers to regulators’ requests & assessments on IT risks
- Follow up on the closure of IT audits & reviews’ recommendations, coming from 2nd & 3rd lines of defense and from regulators
- Ensure a centralized steering of IT & Cyber risks to help decision-makers in remediation actions or risk acceptance, according to their risk appetite and budget
- Provide expertise and support to IT risk management topics (e.g. IT risk assessment & treatment approaches, Cloud Computing, Shadow IT, IT Third Party Risk Management)
- Develop and maintain the set of tools to industrialize the IT risk management framework and to interface with RISK Function tooling
Profile and Skills to Succeed
- Bachelor's or Master's degree
- 6-10 years of experience in IT Risk, Cyber security and Program Management
- Familiar with ISO 27031, ITIL; EBIOS, CISSP training / certifications would be a plus
- Preferably previous experience in a Banking / Financial environment
- Fluent in English - both verbal and written communication
- Program Management: PMO project portfolio, critical path and complex task dependency management, project dashboard and reporting tools with advanced use of MS Office (PowerPoint, Excel, …)
- Data Analysis is a plus: Data visualization tools such as Power BI, Tableau
- Cybersecurity Governance: framework (NIST / CIS framework), Security incident management, Logging & Detection (SIEM – ELK products)
- Application Security: DevSecOps CI/CD toolchain; Threat modeling, Security architecture key concepts
- Ability to lead and motivate an IT Risk & Cybersecurity team
- Ability to act calmly and competently in a challenging environment
- Excellent communication; excellent writing and synthesis skills
- Rigor, attention to detail
- Ability to act as a critical thinker
- Ability to work in an international multi-site environment
If you have the skills required, please send your CV in English to the following email address: portugal.recrutamento [at] bnpparibas (dot) com. Only candidates with an adequate profile will be contacted.
Why join BNP Paribas?
· Leading banking institution
BNP Paribas is a leader in the Eurozone, and a prominent international banking institution with strong roots in Europe's banking history. It has a presence in 65 countries, with around 190 000 employees – including more than 145 000 in Europe.
· Our presence in Portugal
Operating in Portugal since 1985, BNP Paribas was one of the first foreign banks to operate in the country. Today, the Group has around 7.100 employees across several entities operating directly in the territory, offering a wide range of integrated financial solutions to support its clients and their businesses.
· International reach
Thanks to its international presence and regular and close collaboration among its different entities, BNP Paribas has the resources to support all clients with financing, investment, savings and protection solutions that help make their projects a success. BNP Paribas holds key positions in its three core operating divisions:
- Retail Banking, a division that brings together all of the Group’s retail activities and specialised business lines;
- Investment & Protection Services that include specialised businesses offering a wide range of savings, investment and protection services;
- Corporate & Institutional Banking division that offers tailored financial solutions for corporate and institutional clients.
· Diversity and Inclusion commitment
BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.
· Commitment towards work/life balance
At BNP Paribas we care about our employees' wellbeing and promote a culture of good integration between work and rest. We believe our employees have rich personal lives outside of work, and that it is fundamental to disconnect from work to recharge both physically and mentally. Only through this balance can we all be at our best while working.
· Remote Working Conditions
At BNP Paribas, we embrace a Smart Working framework based on trust, autonomy and collaboration. Within this framework, eligible employees can benefit from flexible remote working modalities adapted to our hybrid working environment. To guarantee a comfortable and efficient working set-up, eligible employees are provided with both the office and home equipment, are entitled to an equipment allowance and can benefit from exclusive partnerships to purchase additional equipment at reduced prices.
To find out more on why you should join BNP Paribas visit https://bnpp.lk/why-BNP-Paribas-Portugal
* Please note that only applications submitted in English will be considered.
* In case you are selected for this role, further documentation will be requested to support your hiring process.