C-TRM Controller

Team presentation and main goal:  

The Compliance area ensures business follows external as well as internal rules and policies and also internal controls protecting therefore business activities and employees from noncompliance risks. 

At Natixis Portugal Compliance provides specialized services for worldwide GFS and Groupe BPCE.  

With growing security threats and everincreasing regulatory complexity our information security and risk practices continue to expand. As part of our technology risks management framework the CTRM will help to ensure that appropriate risk management policies exist and are implemented to safeguard business activities at Natixis Portugal. The role will work in close liaison with head office to ensure where appropriate that group policies are incorporated locally. 

This role sits within the Compliance and it will report directly to Natixis Portugal Head of Compliance. 

Main tasks and goals: 

As a control function the CTRM controller is independent from the Technology operational units and directly reports to the local CISO function. It is directly accountable to the management body and responsible for monitoring and controlling adherence to the Technology Risk Management framework. 

The CTRM controller will: 

• Support the establishment and communication of GFSs governance risk and control strategies frameworks and policies; 
• Identify manage measure and monitor technology risks with regards to business impacts threats and weaknesses; 
• Determine the criticality of the technology assets in coordination with the first line of defence (LoD1); 
• Provide oversight and independent challenge to the first line through an effective objective assessment that is evidenced and documented where material; 
• Identify assess and communicate relevant regulatory changes; 
• Ensure activities are compliant with applicable laws and regulations; 
• Support the monitoring and reporting on compliance with the Natixis Technology Risk Appetite and policies; 
• Escalate technology risk issues in a timely manner; 
• Provide training tools and advice to support the first line in carrying out its accountabilities; 
• Support the promotion of a strong risk management culture and awareness 

Qualifications :

• Graduation in Engineering Management or Finance 
• 13 years of experience in:

1. Technology Risk Management 
2. Information Security Management 
3. Governance and technical aspects of data classification data protection cyber security access management SIEM and incident management 
4. Outsourcing project management 
5. Establishing riskbased security policies 

• Fluency in English is mandatory; and knowledge of French is a plus.
• Good knowledge of Banking Regulations and/or corporate and banking business (to drive security into new business products and activities) 
• Sense of ownership and responsibility  
• Ability to challenge status quo and advocate a riskbased approach of controls 
• Creativity initiative and resultdriven orientation  
• Communication skills 
• Ability to deal with senior management 

We will only consider English CVs. 

Additional Information :

At Natixis we are committed to fostering a working environment where each and every one of our people is treated with dignity and respect and where every voice is heard. Our differences make us collectively stronger and are a source of fulfilment innovation and performance.

In the framework of its Diversity Equity & Inclusion policy Natixis in Portugal has implemented a Blind CV Screening process with the purpose of reducing hiring bias. A blind CV excludes any personal details which refer to the applicants gender age or ethnicity. When applying for our positions please submit a blind CV that is with no picture name gender age nationality ethnicity and address. Your personal statement work experience courses and certifications education skills and contact information is what matters to us.

#MuchMoreThanJustAJob

Early morning. Campo 24 de Agosto. In 4 minutes you are clocking in at the office. Start your day having breakfast with the Team and grab fresh fruit on the way to your seat in one of Portos most typical neighborhoods. This Purple Day is going to be a busy one: daily meeting ensuring all team members are on the same page regarding work status priorities and blockers language class and just after a Talent Management meeting with your manager discussing your career path. 

 Lunch break. Today your Team is onboarding newcomers but also welcoming French colleagues: the perfect excuse to walk downtown and bond over a francesinha. When returning inhale nature and peace of mind in Natixis Urban Garden (look at the crops; ready to harvest!). 

 Back inside. Brainstorming session on a new exciting project in our disruptive and immersive Manaus Village. The afternoon went flying (tasks meetings some jokes with your teammates). End it on a high note: celebrating cultural diversity with a Diwali the Indian festival of lights. 

 Tomorrow you attend a conference led by influential speakers in your industry and the day after you will work from home benefitting from some focus time to complete that report and soft skills course on LinkedIn Learning. Once you are done with your work for the day strike the right note playing with Natixis band or be part of a board games session. If that is too steady for you meet your colleagues to catch some waves or sail the Douro river during golden hour.

Remote Work :

No

Employment Type :

Fulltime