Vendor Risk Officer

Team presentation and main goal:

The CIO Office is a transversal department working for the IT of the group. This aim of this area is foster a

consolidated view of IT that is split in various business units enabling enhanced management and

communication for the scope.

The CIO Office operates in close connection with the support functions to promote more efficient channels

of communication for management control.

The main areas of scope of the CIO Office are: Project based management associated with resources

activities and planning control. In addition it includes control activities associated with KPI implementation

and monitoring financial and Budget control. As well the CIO Office aims to harmonize the practices and

rules to facilitate a crosscutting understanding of the challenges and the need.

Main tasks and goals:

As a Vendor Risk Officer you will be instrumental in driving the organizations vendor risk management initiatives. Your expertise will help us maintain effective oversight of our supplier relationships and ensure that we mitigate potential risks. Your key responsibilities will include:

• Supplier Risk Management: Oversee the global supplier risk framework ensuring compliance with organizational policies and industry regulations. Your proactive approach will help identify and manage potential risks linked to our vendors.
• Committee Engagement: Facilitate the Natixis Vendor Risk Management (VRM) Committee and collaborate closely with local procurement teams to promote best practices in vendor risk management. 
• Contractual Support: Assist in the contractualization process ensuring that all vendor agreements include appropriate risk mitigation measures and comply with our established policies.
• Vendor Risk Monitoring: Continuously monitor and evaluate risks associated with vendors ensuring timely identification reporting and management of any potential threats to the organization.
• Incident FollowUp: Track and manage vendor incidents ensuring that appropriate corrective actions are taken swiftly while maintaining thorough documentation of all vendorrelated issues.
• LOD1 Controls Management: Take charge of managing Line of Defense 1 (LOD1) controls ensuring that they are executed effectively and efficiently by coordinating the definition of LOD1.2 controls (nature of the control actors involved tools) along with the writing of relevant policies and procedures.
• Risk Assessment Execution: Execute LOD1.2 controls on risk assessments ensuring quality in qualification the validation process and periodic updates coming from BPCE Achats & Services Shared Services Center or managed locally by international platforms.
• Regulatory Compliance: Handle regulatory notifications (including those from the ECB) and ensure compliance with DORA and EBA requirements maintaining the correctness of all fields in relevant registers.
• Data Quality Assurance: Play a critical role in the Grasp tool migration project ensuring data integrity and quality in the target repository collaborating closely with the IT team in Porto and Natixis stakeholders.
• Activity Reporting: Ensure the followup of risk assessments coordinated by BPCE Achats & Services Shared Service Center providing thorough reporting and activity updates to stakeholders.
• Project Participation: Actively engage in team projects and other significant initiatives relevant to vendor risk management contributing for the overall success of the VRM function.

Your ability to communicate effectively and collaborate with various stakeholdersincluding procurement compliance and legal teamswill be essential to your success in this role. As well youll need to have a keen eye for detail a strong understanding of vendor risk management principles. This role will entail significant contact with our headquarters in France so your ability to communicate and speak the language will be a major plus.

Qualifications :

• Degree in relevant area
• 2 years experience in customer support management control and/or project management.
• At least a B2 level of English and a B2 Level of French (mandatory)
• 1 year Purchase to Pay knowledge
• 1year Suppliers / KYS knowledge
• 1 year Contract management
• 1 year Risk analysis
• Knowledge of Priscop; Grasp ; Ivalua Harmoni will be a plus.

We will only consider English Cvs.

Additional Information :

At Natixis we are committed to fostering a working environment where each and every one of our people is treated with dignity and respect and where every voice is heard. Our differences make us collectively stronger and are a source of fulfilment innovation and performance.

In the framework of its Diversity Equity & Inclusion policy Natixis in Portugal has implemented a Blind CV Screening process with the purpose of reducing hiring bias. A blind CV excludes any personal details which refer to the applicants gender age or ethnicity. When applying for our positions please submit a blind CV that is with no picture name gender age nationality ethnicity and address. Your personal statement work experience courses and certifications education skills and contact information is what matters to us.

#MuchMoreThanJustAJob

Early morning. Campo 24 de Agosto. In 4 minutes you are clocking in at the office. Start your day having breakfast with the Team and grab fresh fruit on the way to your seat in one of Portos most typical neighborhoods. This Purple Day is going to be a busy one: daily meeting ensuring all team members are on the same page regarding work status priorities and blockers language class and just after a Talent Management meeting with your manager discussing your career path. 

Lunch break. Today your Team is onboarding newcomers but also welcoming French colleagues: the perfect excuse to walk downtown and bond over a francesinha. When returning inhale nature and peace of mind in Natixis Urban Garden (look at the crops; ready to harvest!). 

Back inside. Brainstorming session on a new exciting project in our disruptive and immersive Manaus Village. The afternoon went flying (tasks meetings some jokes with your teammates). End it on a high note: celebrating cultural diversity with a Diwali the Indian festival of lights. 

Tomorrow you attend a conference led by influential speakers in your industry and the day after you will work from home benefitting from some focus time to complete that report and soft skills course on LinkedIn Learning. Once you are done with your work for the day strike the right note playing with Natixis band or be part of a board games session. If that is too steady for you meet your colleagues to catch some waves or sail the Douro river during golden hour.

Remote Work :

No