About the job
South Europe Technologies is one of BNP Paribas Personal Finance shared services centers delivering the best IT Solutions to BNP Paribas Personal Finance entities around the world:
- Applications Management (Architecture, Project management, Development, and Quality Assurance)
- IT Risks & Cybersecurity services
- Platforms management
- Ad-hoc, T&M development
In this context, we are looking for an IT Risks & Cyber SSC Engineer.
The Shared Services Centre Engineer consolidates administrative functions to deliver IT Risks and Cybersecurity services in a cost-effective manner, promoting operational efficiencies and services improvements, while reporting on the performance of the services to different levels in the organization.
As an IT Risks & Cyber SSC Engineer, your will support local entities of BNP Paribas Personal Finance all around the world.
A non-exhaustive sample of key IT Risk & Cyber operational processes and activities to contribute to are : Vulnerability management, Penetration tests, Identity & Access Management, 3rd-party due diligence, Monitoring of risk treatment (action plans), Reporting the risk exposure (by asset, by entity, by territory…), etc.
A large focus is given to Cybersecurity risks (a major threat in IT) and therefore you should demonstrate sufficient proficiency in this domain. But the absence of deep Cyber expertise can be compensated by a large culture and practice of risk management in all domains of IT Operational risks : risk identification, assessment, treatment, monitoring, reporting, concepts of risk appetite/tolerance/exposure, risk heatmaps, risks in projects, in change, outsourcing, legal & compliance risks...).
In this context
- You will provide advice and user support across the Organization on the use of IT Risk and Cyber tools and systems.
- You deliver IT Risk & Cyber services in contribution to identification, evaluation, treatment, monitoring, reporting and closing of IT operational risks.
- Deliver various IT Risk&Cyber services in response to local entities’ requests, ensuring achievement of agreed service levels (on-time delivery, quality, exhaustiveness, accuracy...), compliance with established policies.
- Establish a strong, long term and trust-based relationship with local entities and central team (located in Paris).
- The initial services to be delivered will be related to Vulnerability Management (based on internal and external scans + ad hoc alerts), coordination of pentests, 3rd-party due diligence, risk exposure reporting, advisory and monitoring of risk mitigating actions. In a second phase, risk assessments of applications, processes or 3rd-parties, including onsite audits.
- Deliver IT Risk & Cybersecurity services according to defined processes, in full respect of SLAs, ensuring that all standards are met and procedures are followed.
- Establishes priorities and schedules of main activities.
- Seek to improve, contribute to identify trends and problem areas, reporting on risks, key performance indicators and propose corrective action or new approaches having improvement of services as final goal.
- Seek to help, propose solutions, promote BNPP Group standards in response to entities raised issue. If required, supports system deployment activities to ensure smooth adoption by clients of the Centre. Never leave questions without an answer.
- Seek for expertise, be the recognized and sought advisor, define your best area(s) of expertise and promote it.
- Seek for building trust and long-term relationship via definition and respect to SLAs, accurate proposals and swift reaction to requests, and also close working relationships with functional Divisions/Offices at HQ, liaising on issues in the implementation of established policies, procedures and solutions.
What it is in for you:
- A great international team providing services all around the world for BNP Paribas Personal Finance subsidiaries
- Good perspective for growth: Service catalog is enlarged year after year in order to fulfil all the needs of BNP Paribas Personal Finance entities.
Profile and Skills to Success
- Cybersecurity knowledge
- Auditing or governance risk and controls
- NIST CyberSecurity Framework (NCF) or ISO/IEC27001 and best practices such as OWASP
- Budget Steering
- Attention to detail / Rigour
- Ability to synthetize / Simplify
- Communication skills – Oral & written
- Ability to share / Pass on knowledge
- Analytical ability
- Ability to set up relevant performance indicators
- Ability to manage a project
Tools – Methodologies – Technologies
English: Fluent (C1 Level minimum)
Nice to have:
Autonomy, Planning skills, Team worker, Understanding of information security and cyber risks related to the banking sector.
Certifications such as CISM, CISA, ISO27001 LI/LA, CISSP