IT Risks & Cyber SSC Engineer W/M

July 10, 2024

IT Risks & Cyber SSC Engineer W/M

Reference12353228

  • Permanent
  • ES-Madrid-Madrid
  • INFORMATION TECHNOLOGY
Apply for this job

Who are we?

We are South Europe Technologies (S.ET); the IT, Data and Operations Shared Service Center of BNP Paribas Personal Finance, with delivery centers in Spain and Portugal, providing the best solutions to BNPP PF entities around the world such as Cetelem (specialized, between others, in financial partnership of major retailers, consumer goods companies and car dealerships).

Among other services, our portfolio is composed of:

  • Applications Management (Architecture, Project Management, Development, and Quality Assurance).
  • IT Risks & Cybersecurity Services.
  • Platforms Management.
  • Data Analytics and AI.
  • Operations.

Our offices are in Spain (Madrid) and Portugal (Lisbon, Porto). The company brings together over 200+ employees, with expertise in various technologies (Java, .Net, Python, Tibco, APIGee) and other operational roles (Functional Analyst, Project Manager, Business Analyst, Auto Stock Financing operators). We keep growing!

About the job

Main responsibility:

A non-exhaustive sample of key IT Risk & Cyber operational processes and activities to contribute to are: Vulnerability management, Penetration tests, Identity & Access Management, 3rd-party due diligence, Monitoring of risk treatment (action plans), Reporting the risk exposure (by asset, by entity, by territory…), etc.

A large focus is given to Cybersecurity risks (a major threat in IT) and therefore you should demonstrate sufficient proficiency in this domain. But the absence of deep Cyber expertise can be compensated by a large culture and practice of risk management in all domains of IT Operational risks: risk identification, assessment, treatment, monitoring, reporting, concepts of risk appetite/tolerance/exposure, risk heatmaps, risks in projects, in change, outsourcing, legal & compliance risks…).

In this context, your functions will be:

  • You will provide advice and user support across the Organization on the use of IT Risk and Cyber tools and systems.
  • You deliver IT Risk & Cyber services in contribution to identification, evaluation, treatment, monitoring, reporting, and closing of IT operational risks.
  • Deliver various IT Risk&Cyber services in response to local entities’ requests, ensuring achievement of agreed service levels (on-time delivery, quality, exhaustiveness, accuracy…), compliance with established policies.
  • Establish a strong, long term and trust-based relationship with local entities and central team (located in Paris).
  • The initial services to be delivered will be related to Vulnerability Management (based on internal and external scans + ad hoc alerts), coordination of pentests, 3rd-party due diligence, risk exposure reporting, advisory and monitoring of risk mitigating actions. In a second phase, risk assessments of applications, processes, or 3rd-parties, including onsite audits.
  • Deliver IT Risk & Cybersecurity services according to defined processes, in full respect of SLAs, ensuring that all standards are met, and procedures are followed.
  • Establishes priorities and schedules of main activities.
  • Seek to improve, contribute to identify trends and problem areas, reporting on risks, key performance indicators and propose corrective action or new approaches having improvement of services as final goal.
  • Seek to help, propose solutions, promote BNPP Group standards in response to entities raised issue. If required, supports system deployment activities to ensure smooth adoption by clients of the Centre. Never leave questions without an answer.
  • Seek for expertise, be the recognized and sought advisor, define your best area(s) of expertise, and promote it.
  • Seek for building trust and long-term relationship via definition and respect to SLAs, accurate proposals and swift reaction to requests, and also close working relationships with functional Divisions/Offices at HQ, liaising on issues in the implementation of established policies, procedures, and solutions.

What it is in for you:

  • A great international team providing services all around the world for BNP Paribas Personal Finance subsidiaries.
  • Good perspective for growth: Service catalog is enlarged year after year in order to fulfil all the needs of BNP Paribas Personal Finance entities.

What we are looking for:

  • You have two to four years of proven working experience in the cybersecurity field.
  • Basic knowledge of architecture in the application layers (presentation, application, DB), network isolation, network zoning, DMZ, web application controls, security headers, application coding best practices, secure development, etc.
  • General knowledge of standards like NIST CyberSecurity Framework (NCF) or ISO/IEC27001 and best practices such as OWAS.
  • Structured analyst, capable to embrace and use data analytics to assess risks, scope audits and test controls.
  • You have a transformation mindset, looking for the excellency.
  • You are a Problem-Solving and Decision-Making person, who:
    • Demonstrates advanced analytical and diagnostic skills dealing with issues that are ambiguous, lack known precedent or appear contradictory.
    • Sees the big picture and is fully aware of technology and business directions.
    • Has department, corporate and group objectives in focus while identifying and removing barriers.

Skills:

Behavioural Skills

  • Attention to detail / Rigour
  • Ability to synthetize / Simplify
  • Communication skills – Oral & written

Transversal Skills

  • Analytical ability
  • Ability to set up relevant performance indicators
  • Ability to manage a project

Tools – Methodologies – Technologies

  • MS Office Pack Microsoft
    • Excel
    • Word
    • Powerpoint

Language skills:

English: Fluent (C1 Level minimum)

Nice to have:

Autonomy, Planning skills, Team worker, Understanding of information security and cyber risks related to the banking sector.

About our culture:

We are proud to create, maintain and develop business solutions for BNP Paribas Group entities around the world, while keeping a high level of service and providing added value to our customers.

Working in an Inclusive and Multicultural environment, we encourage everyone to develop their talents and skills, offering various career opportunities and internal mobility programs, within local SET teams or in other entities within the Group.

We value our employees’ experience by keeping a well-balanced environment with flexibility regarding the work schedule and care for everyone’s personal time.

We embraced a hybrid way of working because we believe social connection always adds value to our day-to-day activities.

Benefits:

• Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.

• Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).

• Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.

• Flexible compensation plan. 

• Hybrid telecommuting model (50%).

• 31 vacation days.

Diversity and inclusion commitment

BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.

Offers you may be interested in