IT Risk

**GROUP BNP PARIBAS**

BNP Paribas Group is the top bank in the European Union and a major international banking establishment. It has close to 185,000 employees in 65 countries. In Spain we are more than 5,100 employees within 13 business lines.

**SPAIN IT PRODUCTION**:
Spain IT Production organization consists of CIB ITO & ITG IT Platforms and is responsible for providing IT Production services to our Clients in EMEA, ensuring a Digital Market evolution, in a secured and performant environment, and with a reliable quality. IT Production organization includes Infrastructure services, Telecom & Workspace, Production Security and Application Production domains and associated transversal services (CTO Office, Control Tower, PMO and IT Continuity). In Spain, IT Production relies on a Platform with over 400 experts that provide full-stack support services ensuring a secure, stable, standardized, and efficient production.

**ABOUT THE JOB**:
MISSION

We are looking for an IT Risk & Cyber Security Analyst in charge of assessing Cyber risks on the IT production perimeter for outsourced activities as well as a contribution of Cyber expertise in support of the CISO.

RESPONSIBILITIES

The main activities and missions will be:
In charge of CISO activities related to Third Parties Risk Management on IT production perimeter:

- Step 1 - Cyber Risk Identification & Assessment:
- Identify and assess the ICT and Cyber Security Risk of the activity in a context of an externalization.
- Initiate the overall process which includes preliminary risk identification, analysis and evaluation.
- Define / recommend activities that are adequate to the risk level to perform before the validation committee.
- Identify ICT and cyber security need.
- Step 2 - IT Risk & Cyber Security Due Diligence:
- Assess the compliance of the proposal of the service provided by the suppliers to the ICT applicable requirements for protecting BNP Paribas
- Select the most suitable supplier among the shortlisted ones.
- Step 3 - Contract Negotiation:
- Formalize the applicable conditions to the service provided and the Supplier's commitment to implement agreed Cyber Security measures.

Proposal and validation of evolutions in the hardening rules of the security of the products used within the Group:

- Assist product owner in writing hardening rules
- Review hardening rules published previously
- Align hardening rules with other production security teams
- Coordinate the implementation of control rules
- Analyze and assess the Asset Classification from a Security perspectives
- Review the answers of Security and IT Architecture questionnaire

Add Key requirements from Group BNPP Security framework to comply with

**REQUIREMENTS**:
Studies

Master Degree or equivalent

Experience

At least 5 years

Languages

High level of English mandatory

**SKILLS**:
Technical

Expertise in computer security standards and frameworks and the main IT & security risk frameworks (NIST, CIS, ISO27001, EBIOS, etc.),

Expertise in the main types of cybersecurity incidents and how to protect against them.

Technical expertise in IT/Cloud infrastructures, usual products and technologies

Critical mind, good analytical and synthesis skills.

Rigor, curiosity, autonomy, involvement, availability and taste for teamwork.

Ability to listen and communicate to convince, adapting to one's interlocutors.

Ability to take a step back and formalize needs, write synthesis documents and report on work.

Animation of transversal working groups.

Very good command of English (written/spoken).
- French speaking will be appreciated.

Transversal & Behavioral

Ability to collaborate / Teamwork

Attention to detail / rigor

Ability to deliver / Results driven

Analytical Ability

Ability to set up relevant performance indicators

Ability to inspire others & generate people's commitment

**BENEFITS**:

- Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
- Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
- Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
- Flexible compensation plan.
- Hybrid telecommuting model (50%).
- 31 vacation days.

**DIVERSITY AND INCLUSION COMMITMENT**: