BNPP Personal Finance CE.T is looking for a Senior IT Risk & Cyber Security Specialist to ensure the compliance of CE.T and 4 business PF entities in Central Europe with Group BNP Paribas and Central BNPP Personal Finance (PF) governance and framework, regulatory requirements and best practices.
Key Responsibilities
- Participate and contribute to the definition and deployment of CE.T IT Risk and Cyber Strategy
- Act as CE.T focal point with PF Central IT Risk and Cyber teams to steer the delivery of cyber services received from the Group
- Lead Cyber Security projects at CE.T level and provide expertise to the entity’s projects
- Provide executive oversight across Central Europe region to manage operational security priorities, monitor the effective implementation of IT security initiatives, and coordinate the execution of IT cybersecurity services for Transition Services Agreements
- Perform operational security activities and controls (DLP analysis, AV, patching and other threats monitoring and reporting)
- Support investigation of cyber or operational incidents to identify the root cause, estimate the business and financial impact, collect data and reports them, define action plans, implement, monitor and report their progress
- Perform IT risk and security assessments on request (TSA preparation, operational and network security, due diligence for third parties, review of evidences on business continuity plan…), including definition and coordination of risk remediation plans and associated reporting
- IT Risk management: perform and challenge risk assessment (RCSA), establish corrective measures with Business and IT stakeholders to reduce the identified risks. Work closely with PF RISK ORC to ensure IT risks are correctly reported and monitored. Coordinate and implement audit recommendations to ensure compliance with Group and regulatory requirements
- Serve as 1st Line of Defense for IT Risk & Cyber Security perimeters, perform the analysis of inputs received from several different stakeholders to execute the IT control campaigns, define remediation plans accordingly
- Coordinate the execution of the awareness campaigns to increase the level of awareness related to IT Risk & Cybersecurity within CE.T
- Coordinate the execution of Business Continuity and Crisis Management exercises of CE.T
- Lead the IT Risk & Cyber security Committees by ensuring the consistent and relevant reporting on CE.T overall IT Risk and cyber status (KPIs, maturity level, controls, procedures) and to enable the execution of its IT Risk strategy
- Produce dashboard and present statistical analysis to effectively measure and improve level of IT operational security and protection measures for Central Europe
- Monitor and coordinate the schedule of regular reports, dashboards and IT security controls plan for TSA
- Represent CE.T in BNPP PF international IT Risk and CISO community
Main stakeholders
- Entities’ CEOs and B-level, IT management (including CIO level and technical leaders such as IT Risk manager, CISO and CTO), business partners or external vendors of IT services when needed
Key Success Factors
- Deploy sustainable and efficient coverage of IT risk, cyber and continuity activities, including relevant indicators and reporting system
- Adopt proactive, facts-based and results-focused approach to ease decision-making process
- Anticipate Strategic and Business evolutions to address impacts on the assigned perimeter
What we are looking for:
- At least 8+ years of relevant experience in IT Risk Management and Cyber Security, preferably for international financial institutions or shared service centers
- Expert knowledge notably in network security, endpoint security and data loss prevention systems, Identity and Privileged Access Management, risk and security posture assessment
- Good knowledge in Third Party Risk management, application security, secure coding practices, OWASP, Static or Dynamic Application Security Testing (SAST, DAST)
- Effective experience in execution of controls plan, procedures creation, review and adaptation on IT Risk, cyber security and continuity framework, successful delivery of IT Security projects
- Proactive attitude, excellent analytical and problem-solving mindset with strong attention to detail
- Good interpersonal skills and cooperative attitude to manage multiple stakeholders and providers in an international context
- Excellent verbal and written communication skills in English to formalize and produce reporting (French is a plus)
Who are we?
We’re part of one of the largest banking groups in the world and we’re conducting its best IT projects!
Central Europe Technologies (CET) is an expertise Shared Service Center for BNP Paribas Group, subsidiaries serving 19 countries and we are continuously expanding.
Our offices are located in Romania, in Bucharest, Brasov and Cluj. The company brings together over 300 employees, with expertise in various technologies (Java, .Net, COBOL) and other operational roles (credit analysts, System Expert administrators).
About our culture:
We are proud to create, maintain and develop strategic business applications for BNP Paribas Group entities around the world, while keeping a high level of service and providing added value to our customers.
Working in a multicultural environment, we encourage our people to develop their talents and skills, offering various career opportunities and internal mobility programs, within local CET teams or in other entities within the Group, both in Romania and abroad.
We value our employees’ experience by keeping a well-balanced environment with flexibility regarding the work schedule and care for everyone’s personal time. We embraced a hybrid way of working because we believe social connection always adds value to our day-to-day activities.
Diversity and inclusion are among our core values, as CET is an equal opportunity employer. Therefore, we are committed to ensure employment opportunities regardless of race, skin color, beliefs, religion, nationality, ethnic background, age, sex, sexual orientation, marital status or political opinions.
Read Full Description