Chief Information Security Officer

At Kantox we are looking for a ‘tactical’ CISO to drive the security, resilience and IT Risk agenda. As a new dedicated role the CISO will be a trusted advisor to the business, senior management and a partner of BNP Paribas CIB. IT Risk, Cybersecurity and cyber resilience are constantly evolving and are under increased scrutiny by the bank’s management. You will significantly contribute to Kantox management ambition to ensure more effective IT risk management in the context of material evolution and increased threat. **The Kantox Engineering Manifesto**: Kantox is a team sport. Our engineering culture is devoid of egos yet we take great pride in our work. We believe in constructively challenging each other pushing our knowledge, code, processes to the absolute limit. Our processes are based around continual self improvement, continuous code integration and deployment. **Your mission within Kantox**: The Kantox CISO will be in charge of ensuring the maintenance of the ISO270001 Certified ISMS and to evolve the systems and drive forward the maturity of the Kantox security posture. You will be in charge of determining the cyber security programme and operating model in conjunction with the CTO, business and board of directors with the support of BNPP Corporate and Institutional Banking **Security & Operational Resilience** - Operate and evolve the ISMS in alignment with ISO 27001 and other information security requirements - Grow and develop security programmes focusing on: - Vulnerability Management - Application Security - Data Protection & Technical Security - Security Architecture - Cloud Security - Incident Management & Monitoring - Threat Intelligence & Horizon Scanning - Identity & Access Management (incl. Privileged access) - Performing cybersecurity assessments as required by policies or regulations; - Ensuring appropriate awareness for Cybersecurity and Resilience; - Contributing to operational resilience (DORA) **Governance** - Develop and operate governance mechanisms aligned to risk and scale of an SME - Align to relevant Group practices and processes (with support of BNP Paribas CISO Global Markets) **Who you are**: - Excellent understanding of IT Risk management concepts and their implementation (not limited to IT Security) - Strong technical skills required to understand vulnerabilities in detail and how to resolve/mitigate them, therefore being in capacity to assess effectiveness of measures and residual risk. - Excellent knowledge of IT best practices, from development to production and security - Familiarity with security risk standards, such as ISO 31000/27001/27005 - Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations. Target audiences will include regulatory authorities, internal/external auditors and senior business stakeholders - Awareness of key FFIEC and NIST standards related to IT security or IT Risk (NIST Cyber is a must) - A pragmatist with the strength of character to lead divergent interests to common ground and the best outcome - Able to communicate effectively across a wide range of seniorities from entry level developer to senior management. - Approachable and willing to share their expertise and experience in order to assist the development of teams and individuals - English fluency is a must **Preferred**: - Any experience with operating systems with a heavy public cloud footprint - Any experience in the currencies or payment space. - Exposure to NIST SP 800-30, ISACA IT Risk framework or equivalent - Familiarity with product adoption life cycles, with an understanding of the different methods technologies, products and approaches can be introduced to an enterprise and the merits of each **Our culture**: - An environment of innovation, accountability, and constructive feedback - A diverse and multicultural team of over 40 different nationalities - Grow your role and build your career with our learning and development opportunities. - A collaborative and inclusive culture of sharing and teamwork. Build connections for life. - Hybrid working and flexible hours so you can work when and where you feel best - Some testimonials: “The culture and the people at Kantox make me want to recommend Kantox as a place to work. There is a good balance between learning and growing and support from fellow team members. I feel like the people are very welcoming and make Kantox an easy place to feel at home." **What we offer**: - Competitive salary - Sponsored learning budget - Free private health insurance - Free Spanish, English and French lessons - Relocation package if needed - Flexible working hours with an intensive Friday schedule - Hybrid work model - 31 days of annual vacations - Gym discounts and free sport activities - Restaurant Ticket with monthly credit and regular cross-team lunches - Fresh fruit and unlimited coffee - Beautiful office with incredible 360-degree views of Barcelona **About