Security Risk Officer | CIB

First Line of Defense (LoD1) IT Risk Management (ITRM) team plays a strategic role within our organization by monitoring topics related to IT Risks and by establishing operational standards in accordance with organizational policies ensuring their effective implementation.
ITRM Lod1 team responsibilities also encompass reporting cyber and IT risk issues developing action plans and defining and implementing policies related to IT Asset Management (ITAM). Furthermore we actively monitor obsolescence and vulnerabilities supervise LoD1 controls and assess the state of CIB & Risks particularly in areas such as developer training on security code vulnerabilities and Checkmarx deployment.
At Natixis we believe in fostering a diverse and inclusive workplace where everyone has the opportunity to thrive. We are committed to recruiting individuals with disabilities and are dedicated to providing an accessible environment for all employees. We encourage applicants of all backgrounds and abilities to apply as we value the unique perspectives and contributions that each person brings to our team. If you require any accommodations during the application or interview process please let us know and we will be happy to assist you.


Main Tasks & Responsibilities:

• Communicate corporate governance risk management control strategies frameworks and policies.
• Communicate effectively with stakeholders including senior management to report on the status of technological risks potential vulnerabilities and the effectiveness of risk mitigation measures.
• Report on enterprise-wide technology risks to senior management.
• Provide independent oversight and challenge of IT team choices.
• Provide training tools and advice to your perimeters and promote a strong risk management culture.
• Ensure that activities comply with applicable laws and regulations.
• Identify potential technological risks that could impact the banks operations including cybersecurity threats data breaches system failures and other IT-related risks.
• Assess the potential impact and likelihood of technological risks and work to quantify and prioritize these risks based on their severity and potential impact on the banks operations.
• Continuously monitor and analyze the banks technology infrastructure and systems to identify any emerging risks or vulnerabilities that could pose a threat to the banks operations and data security.
• Ensure that the banks technology systems and operations comply with relevant regulatory requirements and industry standards such as data protection regulations and cybersecurity best practices.
• Develop and implement risk mitigation strategies and controls to address identified technological risks including collaborating with IT teams to implement security measures and controls.
• Contribute to the development and implementation of technology risk management policies and procedures to ensure the banks technology infrastructure is secure and resilient.

Specific Responsibilities:

• Deploy new level 1 permanent controls
• Validate and supervise the execution of level 1 permanent controls level
• Ensure continuous improvement of level 1 permanent controls level
• Develop and maintain the technology risk management framework policies and procedures.
• Develop and maintain comprehensive reports on level 1 permanent controls compliance level.
• Communicate effectively with stakeholders including senior management to report on the status of level 1 permanent controls.
• Provide training tools and advice to staff members to promote a strong risk management culture and awareness of technology risks.

Qualifications :

• Bachelors degree in Computer Science Information Technology or related field
• Proven experience in technology risk management within the banking or financial services industry.
• Strong understanding of technology infrastructure security principles and risk assessment methodologies.
• Knowledge of regulatory requirements and industry standards related to technology risk management.
• Experience with Power BI and Excel.
• Knowledge of COBIT and ITIL framework is a plus.
• Relevant certifications such as ISO27001 ISO27005 CISSP CISM or CRISC are a plus.
• English level minimum B2
• Excellent analytical problem-solving and communication skills.
• Creative and proactive.
• Results oriented.
• Comfortable communicating with various stakeholders and senior management.
• Project management skills is a plus.
  
  If you are a proactive and results-oriented IT professional we encourage you to apply for this exciting opportunity.

Additional Information :

At Natixis we are committed to fostering a working environment where each and every one of our people is treated with dignity and respect and where every voice is heard. Our differences make us collectively stronger and are a source of fulfilment innovation and performance.

In the framework of its Diversity Equity & Inclusion policy Natixis in Portugal has implemented a Blind CV Screening process with the purpose of reducing hiring bias. A blind CV excludes any personal details which refer to the applicants gender age or ethnicity. When applying for our positions please submit a blind CV that is with no picture name gender age nationality ethnicity and address. Your personal statement work experience courses and certifications education skills and contact information is what matters to us.

#MuchMoreThanJustAJob

Early morning. Campo 24 de Agosto. In 4 minutes you are clocking in at the office. Start your day having breakfast with the Team and grab fresh fruit on the way to your seat in one of Portos most typical neighborhoods. This Purple Day is going to be a busy one: daily meeting ensuring all team members are on the same page regarding work status priorities and blockers language class and just after a Talent Management meeting with your manager discussing your career path. 

Lunch break. Today your Team is onboarding newcomers but also welcoming French colleagues: the perfect excuse to walk downtown and bond over a francesinha. When returning inhale nature and peace of mind in Natixis Urban Garden (look at the crops; ready to harvest!). 

Back inside. Brainstorming session on a new exciting project in our disruptive and immersive Manaus Village. The afternoon went flying (tasks meetings some jokes with your teammates). End it on a high note: celebrating cultural diversity with a Diwali the Indian festival of lights. 

Tomorrow you attend a conference led by influential speakers in your industry and the day after you will work from home benefitting from some focus time to complete that report and soft skills course on LinkedIn Learning. Once you are done with your work for the day strike the right note playing with Natixis band or be part of a board games session. If that is too steady for you meet your colleagues to catch some waves or sail the Douro river during golden hour. 

Remote Work :

No