Security Risk Officer | CIB

Company Description

Natixis in Portugal is a Centre of Expertise whose mission is to transform traditional banking by developing innovative solutions for the business, operations and work culture of Groupe BPCE worldwide.

Natixis in Portugal is part of the Global Financial Services division, where it applies technology for the development of financial expertise in its two global business lines – Corporate & Investment Banking and Asset & Wealth Management – and, transversally, for the entities of Groupe BPCE.

The Centre of Expertise, based in Porto, currently has more than 2,400 employees from over 30 nationalities, organised in three main departments: Information Technology, Banking Support Activities and Compliance. These teams work in an integrated, inclusive and transversal way, supporting and creating value for all the business lines and platforms of the group. The project in Porto is one of the biggest investments in Human Resources ever made by Groupe BPCE worldwide.

A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.

In 2024, Top Employers Institute has awarded Natixis in Portugal the Top Employer Portugal accreditation for the second time. This certification recognizes excellence in people practices, following the example of our head office, in France, who was certified Top Employer France for the eight year in a row.

Job Description

First Line of Defense (LoD1) IT Risk Management (ITRM) team plays a strategic role within our organization by monitoring topics related to IT Risks and by establishing operational standards in accordance with organizational policies, ensuring their effective implementation.
ITRM Lod1 team responsibilities also encompass reporting cyber and IT risk issues, developing action plans, and defining and implementing policies related to IT Asset Management (ITAM). Furthermore, we actively monitor obsolescence and vulnerabilities, supervise LoD1 controls, and assess the state of CIB & Risks, particularly in areas such as developer training on security, code vulnerabilities, and Checkmarx deployment.
At Natixis, we believe in fostering a diverse and inclusive workplace where everyone has the opportunity to thrive. We are committed to recruiting individuals with disabilities and are dedicated to providing an accessible environment for all employees. We encourage applicants of all backgrounds and abilities to apply, as we value the unique perspectives and contributions that each person brings to our team. If you require any accommodations during the application or interview process, please let us know, and we will be happy to assist you.


Main Tasks & Responsibilities:

• Communicate corporate governance, risk management, control strategies, frameworks, and policies.
• Communicate effectively with stakeholders, including senior management, to report on the status of technological risks, potential vulnerabilities, and the effectiveness of risk mitigation measures.
• Report on enterprise-wide technology risks to senior management.
• Provide independent oversight and challenge of IT team choices.
• Provide training tools and advice to your perimeters and promote a strong risk management culture.
• Ensure that activities comply with applicable laws and regulations.
• Identify potential technological risks that could impact the bank's operations, including cybersecurity threats, data breaches, system failures, and other IT-related risks.
• Assess the potential impact and likelihood of technological risks and work to quantify and prioritize these risks based on their severity and potential impact on the bank's operations.
• Continuously monitor and analyze the bank's technology infrastructure and systems to identify any emerging risks or vulnerabilities that could pose a threat to the bank's operations and data security.
• Ensure that the bank's technology systems and operations comply with relevant regulatory requirements and industry standards, such as data protection regulations and cybersecurity best practices.
• •Develop and implement risk mitigation strategies and controls to address identified technological risks, including collaborating with IT teams to implement security measures and controls.
• Contribute to the development and implementation of technology risk management policies and procedures to ensure the bank's technology infrastructure is secure and resilient.

Specific Responsibilities:

• Deploy new level 1 permanent controls
• Validate and supervise the execution of level 1 permanent controls level
• Ensure continuous improvement of level 1 permanent controls level
• Develop and maintain the technology risk management framework, policies, and procedures.
• Develop and maintain comprehensive reports on level 1 permanent controls compliance level.
• Communicate effectively with stakeholders, including senior management, to report on the status of level 1 permanent controls.
• Provide training, tools, and advice to staff members to promote a strong risk management culture and awareness of technology risks.

Qualifications

• Bachelor's degree in Computer Science, Information Technology, or related field
• Proven experience in technology risk management within the banking or financial services industry.
• Strong understanding of technology infrastructure, security principles, and risk assessment methodologies.
• Knowledge of regulatory requirements and industry standards related to technology risk management.
• Experience with Power BI and Excel.
• Knowledge of COBIT and ITIL framework is a plus.
• Relevant certifications such as ISO27001, ISO27005, CISSP, CISM, or CRISC are a plus.
• English level minimum B2
• Excellent analytical, problem-solving, and communication skills.
• Creative and proactive.
• Results oriented.
• Comfortable communicating with various stakeholders and senior management.
• Project management skills is a plus.
  
  If you are a proactive and results-oriented IT professional, we encourage you to apply for this exciting opportunity.

Additional Information

At Natixis, we are committed to fostering a working environment where each and every one of our people is treated with dignity and respect and where every voice is heard. Our differences make us collectively stronger and are a source of fulfilment, innovation and performance.

In the framework of its Diversity, Equity & Inclusion policy, Natixis in Portugal has implemented a Blind CV Screening process, with the purpose of reducing hiring bias. A blind CV excludes any personal details which refer to the applicant’s gender, age or ethnicity. When applying for our positions, please submit a blind CV, that is, with no picture, name, gender, age, nationality, ethnicity and address. Your personal statement, work experience, courses and certifications, education, skills and contact information is what matters to us.

#MuchMoreThanJustAJob

Early morning. Campo 24 de Agosto. In 4 minutes, you are clocking in at the office. Start your day having breakfast with the Team and grab fresh fruit on the way to your seat, in one of Porto’s most typical neighborhoods. This Purple Day is going to be a busy one: daily meeting ensuring all team members are on the same page regarding work status, priorities and blockers, language class and, just after, a Talent Management meeting with your manager, discussing your career path. 

Lunch break. Today, your Team is onboarding newcomers, but also welcoming French colleagues: the perfect excuse to walk downtown and bond over a francesinha. When returning, inhale nature and peace of mind in Natixis Urban Garden (look at the crops; ready to harvest!). 

Back inside. Brainstorming session on a new, exciting project in our disruptive and immersive Manaus Village. The afternoon went flying (tasks, meetings, some jokes with your teammates). End it on a high note: celebrating cultural diversity with a Diwali, the Indian festival of lights. 

Tomorrow, you attend a conference led by influential speakers in your industry and, the day after, you will work from home, benefitting from some focus time to complete that report and soft skills course on LinkedIn Learning. Once you are done with your work for the day, strike the right note playing with Natixis band or be part of a board games session. If that is too steady for you, meet your colleagues to catch some waves or sail the Douro river during golden hour.