The bank for a changing world

We are looking for

IT Risks & Cyber Shared Services Centre Engineer

Apply REF: CET20014

We are looking for an IT Risks & Cyber Shared Services Centre Engineer, responsible for providing Cybersecurity and IT Risks Management support to local entities of BNP Paribas Personal Finance, for IT Cybersecurity and Operational Risk management processes. He/she also provides advice and user support across the Organization on the use of IT Risk and Cyber tools and systems.

The Shared Services Centre Engineer consolidates administrative functions to deliver in a cost-effective manner, promoting operational efficiencies and services improvements, while reporting on the performance of the services to differente levels in the organization.

A technical focus:

  • Delivery of IT Risk & Cyber services in contribution to identification, evaluation, treatment, monitoring, reporting and closing of IT operational risks.
  • A non-exhaustive sample of key IT Risk & Cyber operational processes and activities to contribute to are : Vulnerability management, Penetration tests, Identity & Access Management, 3rd-party due diligence, Monitoring of risk treatment (action plans), Reporting the risk exposure (by asset, by entity, by territory…), etc.
  • A large focus is obviously given to Cybersecurity risks (a major threat in IT) and therefore each candidate shall demonstrate sufficient proficiency in this domain. But the absence of deep Cyber expertise can be compensated by a large culture and practice of risk management in all domains of IT Operational risks : risk identification, assessment, treatment, monitoring, reporting, concepts of risk appetite/tolerance/exposure, risk heatmaps, risks in projects, in change, outsourcing, legal & compliance risks...).

The main responsibilities of the position will be:

  • Deliver various IT Risk&Cyber services in response to local entities’ requests, ensuring achievement of agreed service levels (on-time delivery, quality, exhaustiveness, accuracy...), compliance with established policies.
  • Establish a strong, long term and trust-based relationship with local entities and central team (located in Paris).
  • The initial services to be delivered will be related to Vulnerability Management (based on internal and external scans + ad hoc alerts), coordination of pentests, 3rd-party due diligence, risk exposure reporting, advisory and monitoring of risk mitigating actions. In a second phase, risk assessments of applications, processes or 3rd-parties, including onsite audits.
  • Service catalog will be enlarged year after year in order to fulfil all the needs of BNP Paribas Personal Finance entities.
  • Deliver IT Risk & Cybersecurity services according to defined processes, in full respect of SLAs, ensuring that all standards are met and procedures are followed.
  • Establishes priorities and schedules of main activities.
  • Seek to improve, contribute to identify trends and problem areas, reporting on risks, key performance indicators and propose corrective action or new approaches having improvement of services as final goal.
  • Seek to help, propose solutions, promote BNPP Group standards in response to entities raised issue. If required, supports system deployment activities to ensure smooth adoption by clients of the Centre. Never leave questions without an answer.
  • Seek for expertise, be the recognized and sought advisor, define your best area(s) of expertise and promote it.
  • Seek for building trust and long-term relationship via definition and respect to SLAs, accurate proposals and swift reaction to requests, and also close working relationships with functional Divisions/Offices at HQ, liaising on issues in the implementation of established policies, procedures and solutions.


  • Advanced University degree in Computer Science, Information Security, Business Administration and/or Management
  • 3 years of relevant experience in coordinating, leading and/or managing operations and administrative activities
  • Fluent English. Good working knowledge of French and/or any other European or non-European language are considered a “+”.
  • Good understanding of Cybersecurity technical domains, IT Continuity, Operational Risk Management principles, Data Privacy (esp European GDP Requirements), 3rd-party Management.
  • Expertise in at least one of abovementioned domains
  • One of ISO27001, ISO27005, ISO31000, CISM, CISA, CRISC, CISSP, Cyber CompTia+ or EC-Council or equivalent certifications.

Primary Location: ES-MD-MadridJob Type: Standard / PermanentJob: INFORMATION TECHNOLOGYEducation Level: Bachelor Degree or equivalent (>= 3 years)Experience Level: At least 3 yearsSchedule: Full-time Behavioural competency: Ability to collaborate / Teamwork, Proactivity, Personal Impact / Ability to influence, Attention to detail / rigor, Organizational skills, Adaptability, Ability to deliver / Results driven, Active listening, Communication skills - oral & written, Client focused, Ability to share / pass on knowledge, Critical thinking, Ability to synthetize / simplify, Creativity & Innovation / Problem solving, Resilience, Decision MakingTransversal competency: Ability to understand, explain and support change, Analytical Ability, Ability to manage a project, Ability to develop and adapt a process , Ability to anticipate business / strategic evolution, Ability to conduct a negotiation, Ability to develop others & improve their skills, Ability to develop and leverage networks, Ability to set up relevant performance indicators, Ability to manage / facilitate a meeting, seminar, committee, training…, Ability to inspire others & generate people's commitmentReference: CET20014