Spain Territory CISO
BNP Paribas Group is the top bank in the European Union and a major international banking establishment. It has close to 185,000 employees in 65 countries. In Spain we are more than 5,100 employees within 13 business lines.
Reporting hierarchically to the Spain CCCO and functionally to the Head of CIB CISO Office.
Relying on the central CIB EMEA Cyber teams, the Territory Chief Information Security Officer (TCISO) mission is to ensure, for the Cyber Security activity within his/her scope, the proper monitoring, detection, investigation, analysis, and response to security events related to his/her scope.
The Territory Chief Information Security Officer (TCISO) is the local intermediary for the CIB EMEA CISO & CIB CISO Office on the cyber security topics of his/her territory, with the help of (or in coordination with) the existing Entity CISOs in the Territory.
The TCISO's responsibilities are to:
- Contribute to the implementation of the CIB/Group's cybersecurity reference framework (policies, requirements, indicators and control plan),
- Promote the securing of information systems, as defined in the CyberSecurity Governance,
- Share and integrate the local regulatory requirements.
The role of T-CISO does not imply any reporting relationship with other Entity CISOs in Spain.
Team Management:
- In charge of sizing his/her team by respecting the local needs as well as the HO requirements.
- Responsible for appraisal and compensation review process for local teams
- Support, develop and empower team members, focusing attention on their individual skillset, aspirations and development needs, in order to prepare them for the current role and future challenges.
- Management of all team members and organization related topics: workload planning and distribution (including management of staff holidays, absences, back-ups schemes), follow up on each group member's performance and motivation.
Cyber Security responsibilities - CIB Scope:
• Ensure that all the local applications of his/her scope are inventoried, classified and in compliance with the baseline
• Stay aware of the latest cyber threats through the CIB central threat intelligence communication and track all the cyber incidents of his/her scope
• Perform the adequate investigations for DLP incidents, and ensure that the investigations are done where he/she cannot be involved directly
• Ensure that all the CIB Data security solutions are deployed in his/her scope and employees (internal/external) are trained to properly use them.
• Ensure that all the applications of his/her scope have jurisdiction procedures and are enrolled into IAM tools, and promote periodic access rights recertification
• Contribute to the GCL campaigns as Cyber Security experts for dedicated controls
• In case of delivering Cyber Security services to non-CIB entities, make sure that the SLA is up to date according to the CIB Service Catalogue and ensure adequate reporting for the non-CIB CISO.
Territory Governance and Cybersecurity responsibilities:
• Provide the local cyber program evidence and ensure that the territory matrix is up to date according to CIB/CDF requirements
• Ensure that the territory population is following the CIB/CDF cyber security trainings and awareness
• Stay aware of the local regulatory requirements and ensure that his/her scope is in compliance with the regulations, being the Head of Territory's privileged contact on cyber issues with local regulators, in coordination with the BLs' CISOs depending on their origin
• Actively participate in the Regional Cyber Security Committees.
• In case of regulatory requirements, run a local Cyber Security Committee with the participation of the EMEA CIB Cyber Security Teams
• With the local non-CIB business lines, oversee and follow the cyber security maturity and action plans to be included into a territory consolidated view
• Run the local community on cybersecurity topics, including when relevant the main stakeholders: BLs' CISOs, BLs' CIOs, Territory CTO and Territory management
• Set up and coordinate a network of CISOs within the territory
• Coordinate the central response to local regulators in the event of a cyber incident in its Territory
• Ensure the follow-up and the challenge of the cyber remediation in the territory
• Inform the central teams about any local cyber assignment and follow the local cyber recommendations & PCA.
• Declare, evaluate & state any identified local cyber security risks
BENEFITS
• Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
• Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
• Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
• Flexible compensation plan.
• Hybrid telecommuting model (50%).
• 32 vacation days.
Diversity and inclusion commitment
BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.