Security Risk Officer

Job Location

Porto - Portugal

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Team presentation and main goal:

The Groupe BPCE DSG provides the second line of defense (LoD2) regarding IT risks (including cyber risk), business continuity, safety of staff and premises, and external fraud.

The Groupe BPCE DSG oversees all the entities of the Group, which includes retail banking (such as the French Banques Populaires and the Caisses d'Epargne) but also global banking (such as the CIB or the Asset and Wealth Management).

The TRM center of expertise (CE TRM) coordinates LoD2 operations (risk analysis, level 2 controls, action plans, security reviews, etc.) for all group establishments that have adopted the Technology Risks Management (TRM) model.

The DSG works in close collaboration with the entities of the Group (BPCEIT, BPCE SI, IT departments of Natixis and BPCE SA, etc.) and the Operational Risk departments.

The GTRM team at Natixis Portugal oversees operating level 2 controls of TRM type for all the entities covered by CE TRM. These L2 controls are related to all taxonomies covered by CE TRM and policies validated on BPCE Groupe.

As part of the GTRM team, you will be part of the Security Design & Delivery team, working alongside our global Governance, Risk & Compliance and Security Operations teams. Your mission consists of supporting the TRM Center of Expertise (CE TRM), located in Paris, by performing Security by design activities.

Main tasks and goals:

  • Owning the security architecture deliverables within SIs cloud Center of Excellence strategy;
  • Owning the creation and development of all technical standards within the security roadmap, working with Security Operations and Leadership to deliver functional requirements;
  • Providing dedicated technical expertise and knowledge to support the risk management framework;
  • Driving security by design throughout both lines of business and BPCE through engagement with stakeholders from all levels;
  • Assessing business requirements to select the most appropriate security controls;
  • Mastering the internal catalog of security solutions and being able to advise the business on requirements implementation and analyze technical alternatives if needed;
  • Identifying new tools and technologies which enable the achievement of business goals;
  • Proactively identifying vulnerabilities to business systems and designing and implementing security controls.

Gap analysis and refinement of use cases for response to relevant threats.

What we require of you:

  • Strong background across the wide security landscape;
  • Demonstrable experience of being in senior technical and hands-on security roles;
  • Proven track record of designing and delivering cloud infrastructure security controls;
  • Cost-benefit analysis skills to assess security tools to improve BPCE security by design framework;
  • Evidence of a strong understanding of securing a software development life cycle;
  • Significant experience in a role with all IaaS / SaaS / Cloud; specifically AWS and MS Azure;
  • Fully competent in delivering technical projects using Project Management methods.

You will be in close cooperation with all the players in the second line of defense teams (Information System Security, Legal, Business Continuity, Data Privacy) and other IT Departments.


Qualifications:

  • Degree in one of these areas: Cybersecurity; IT Engineer; Managing IT Systems;
  • 3 years of Managing IT Risks and Security by Design;
  • 13 years of Risk HeatMap;
  • >1 year of Pentests and Audits;
  • Fluency in English and Good level of French (Mandatory);
  • Advanced Knowledge of Drive (Archer), MS Excel, PowerBI, Splunk;
  • Certification of other security or IS audit standard (preferred);
  • A good knowledge of information systems and technologies;
  • A critical and result-oriented mindset;
  • Ability to demonstrate your autonomy and proactiveness;
  • knowledge of the banking and insurance sectors.
  • Fluency in English and French.

We will only consider English CVs.


Additional Information:

At Natixis, we are committed to fostering a working environment where each and every one of our people is treated with dignity and respect and where every voice is heard. Our differences make us collectively stronger and are a source of fulfilment, innovation and performance.

In the framework of its Diversity, Equity & Inclusion policy, Natixis in Portugal has implemented a Blind CV Screening process with the purpose of reducing hiring bias. A blind CV excludes any personal details which refer to the applicant's gender, age or ethnicity. When applying for our positions, please submit a blind CV, that is, with no picture, name, gender, age, nationality, ethnicity and address. Your personal statement, work experience, courses and certifications, education, skills and contact information are what matter to us.

#MuchMoreThanJustAJob

Early morning. Campo 24 de Agosto. In 4 minutes you are clocking in at the office. Start your day having breakfast with the Team and grab fresh fruit on the way to your seat in one of Porto's most typical neighborhoods. This Purple Day is going to be a busy one: daily meeting ensuring all team members are on the same page regarding work status, priorities and blockers; language class; and, just after, a Talent Management meeting with your manager discussing your career path.

Lunch break. Today your Team is onboarding newcomers but also welcoming French colleagues: the perfect excuse to walk downtown and bond over a francesinha. When returning, inhale nature and peace of mind in Natixis Urban Garden (look at the crops; ready to harvest!).

Back inside. Brainstorming session on a new exciting project in our disruptive and immersive Manaus Village. The afternoon went flying (tasks, meetings, some jokes with your teammates). End it on a high note: celebrating cultural diversity with Diwali, the Indian festival of lights.

Tomorrow you attend a conference led by influential speakers in your industry, and the day after you will work from home, benefitting from some focus time to complete that report and soft skills course on LinkedIn Learning. Once you are done with your work for the day, strike the right note playing with Natixis band or be part of a board games session. If that is too steady for you, meet your colleagues to catch some waves or sail the Douro river during golden hour.


Remote Work:

No


Employment Type:

Full-time
