IT Risks & Cyber SSC Engineer

March 6, 2024

IT Risks & Cyber SSC Engineer


  • Standard / Permanent
  • ES-MD-Madrid
  • RISK
Apply for this job

BNP Paribas is an international bank with leading positions in the European market. It is present in 74 countries and employs more than 192,000 people, 146,000 of whom are in Europe. The Group holds key positions in its three main areas of activity: Domestic Markets, International Financial Services and Corporate & Institutional Banking.

We are South Europe Technologies (S.ET); the IT Data and Operations Shared Service Center of BNP Paribas Personal Finance, delivering the best IT Solutions to PF entities around the world such as Cetelem (specialized, between others, in financial partnership of major retailers, consumer goods companies and car dealerships).

Between other services, such as:
• Applications Management (Architecture, Project Management, Development, and Quality Assurance).
• IT Risks & Cybersecurity Services.
• Platforms Management.
• Ad-hoc, T&M development.
• Data.
• Operations.
We are recruiting in the IT Risk & Cybersecurity Area.
Our offices are located in Madrid, Spain. The company brings together over 160+ employees, with expertise in various technologies (Java, .Net, Python, Tibco) and other operational roles (Functional Analyst, Project Manager, Business Analyst). We keep growing!


The IT Risks & Cyber SSC Engineer has the responsibility of coordinate the Vulnerability Management, Penetration Tests, Identity & Access Management, 3rd-Party Due Diligence, Monitoring of Risk Treatment (Action Plans), Reporting the Risk Exposure (by asset, by entity, by territory…), etc.


The main responsibilities of the IT Risks & Cyber SSC Engineer are:
– Provide advice and user support across the Organization on the use of IT Risk and Cyber tools and systems.
– Deliver IT Risk & Cyber services in contribution to identification, evaluation, treatment, monitoring, reporting and closing of IT operational risks.
– Deliver various IT Risk&Cyber services in response to local entities’ requests, ensuring achievement of agreed service levels (on-time delivery, quality, exhaustiveness, accuracy…), compliance with established policies.
– Establish a strong, long term and trust-based relationship with local entities and central team.
– Deliver Vulnerability Management services (based on internal and external scans + ad hoc alerts).
– Coordinate pentests, 3rd-party due diligence, risk exposure reporting, advisory and monitoring of risk mitigating actions.
– Coordinate risk assessments of applications, processes or 3rd-parties, including onsite audits.
– Deliver IT Risk & Cybersecurity services according to defined processes.
– Respect of SLAs, ensuring that all standards are met, and procedures are followed. 
– Establishes priorities and schedules of main activities.
– Seek to improve, contribute to identify trends and problem areas, reporting on risks, key performance indicators and propose corrective action or new approaches having improvement of services as final goal.
– Seek to help, propose solutions, promote BNPP Group standards in response to entities raised issue. If required, supports system deployment activities to ensure smooth adoption by clients of the Centre.
– Define and respect SLAs, accurate proposals and swift reaction to requests.
– Liaise on issues in the implementation of established policies, procedures and solutions.



 • We are not looking for a person with a specific college degree, as long as it meets the other specifications of the position.


• 2 years of minimal experience in related responsibilities. We are growing very fast and for this reason, we are looking for several profiles with different years of experience and knowledge.
• Experience in the Finance sector is a plus.
• Desirable Certification: Certifications such as CISM, CISA, ISO27001 LI/LA, CISSP.
• Desirable Practices: NIST CyberSecurity Framework (NCF) or ISO/IEC27001 and best practices such as OWASP.


 •  English:Fluent
 •  Spanish:Fluent
 •  French:Optional



The IT Tools that has to use the IT Risks & Cyber SSC Engineer in their functions are:
– Corporate IT Tools.
– Advanced user in the office tools: Microsoft Excel, Microsoft Word and Microsoft Power Point.

Trasversal & Behavioral:

 •  Attention to detail/rigor
 •  Analytical Ability
 •  Ability to set up relevant performance indicators


• Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
• Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
• Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
• Flexible compensation plan
• Hybrid telecommuting model (50%)
• 31 vacation days

Diversity and Inclusion commitment

BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.

Offers you may be interested in