Social network you want to login/join with:
Third Party Risk IT & Cybersecurity Auditor, hibrido, madrid
Client:
BNP Paribas
Location:
madrid, Spain
Job Category:
Other
EU work permit required:
Yes
Job Reference:
716539472132440064032460
Job Views:
2
Posted:
18.03.2025
Expiry Date:
02.05.2025
Job Description:
Third Party Risk IT & Cybersecurity Auditor
Who are we?
We are South Europe Technologies (S.ET), the IT, Data and Operations Shared Service Center of BNP Paribas Personal Finance, with delivery centers in Spain and Portugal, providing the best solutions to BNPP PF entities around the world such as Cetelem (specialized, among others, in financial partnership of major retailers, consumer goods companies and car dealerships).
Among other services, our portfolio includes: Applications Management (Architecture, Project Management, Development, and Quality Assurance), IT Risks Cybersecurity Services, Platforms Management, Data Analytics and AI, and Operations.
Our offices are in Spain (Madrid) and Portugal (Lisbon, Porto). The company brings together over 200+ employees, with expertise in various technologies (Java, .Net, Python, Tibco, APIGee) and other operational roles (Functional Analyst, Project Manager, Business Analyst, Auto Stock Financing operators). We keep growing!
About the job Main responsibility:
Governance and management of IT Risk and Cybersecurity controls. Your tasks would include supporting cybersecurity assessments based on ISO 27001 Norm.
In this context, your functions will be:
1. Perform and coordinate meetings with stakeholders of different entities (customers).
2. Perform and coordinate meetings with stakeholders of third parties (auditees).
3. Evaluate the cybersecurity and risk management maturity level of third parties (auditees) which provide services to BNPP entities.
4. Review provided evidence supporting third party answers to a control questionnaire.
5. Prepare reports and consolidate the main risks identified.
What it is in for you: A great international team providing services all around the world for BNP Paribas Personal Finance subsidiaries. Good perspective for growth: Service catalog is enlarged year after year to fulfill all the needs of BNP Paribas Personal Finance entities.
What we are looking for: You have a minimum of four years of proven working experience in the field (auditing or governance of IT and Cybersecurity risks and controls). You are a student/graduated in a computer science related career. Proven experience with the definition of action plans for identified risks. Knowledge of standards like ISO27005 or ISO27001. Understanding of information security and cyber risks related to the banking sector is a plus. Certifications such as CISM, CRISK, CISA, ISO27001LA are a nice to have. You are a structured analyst, capable of embracing and using data analytics to assess risks, scope audits and test controls. You are customer and service oriented (service delivery will be the heart of the activity). You are a Problem-Solving and Decision-Making person who demonstrates advanced analytical and diagnostic skills dealing with issues that are ambiguous, lack known precedent or appear contradictory. You see the big picture and are fully aware of technology and business directions while keeping department, corporate and group objectives in focus and identifying and removing barriers.
Skills:
Behavioural Skills: Attention to detail / Rigour, Communication skills - Oral and written, Planning skills.
Transversal Skills: Analytical ability, Ability to manage a project, Critical thinking.
Tools - Methodologies - Technologies: MS Office Pack (Excel, Word, Power Point).
Language skills: Proficient in English (Reading and writing - B2 minimum). Nice to have: French (Reading and writing).
About our culture:
We are proud to create, maintain and develop business solutions for BNP Paribas Group entities around the world, while keeping a high level of service and providing added value to our customers. Working in an Inclusive and Multicultural environment, we encourage everyone to develop their talents and skills, offering various career opportunities and internal mobility programs, within local SET teams or in other entities within the Group. We value our employees' experience by keeping a well-balanced environment with flexibility regarding the work schedule and care for everyone's personal time. We embraced a hybrid way of working because we believe social connection always adds value to our day-to-day activities.
Benefits: Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries. Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity). Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities. Flexible compensation plan. Hybrid telecommuting model (50%). 31 vacation days.
Diversity and inclusion commitment
Ciberseguridad, CISM, CRISK, CISA#J-18808-Ljbffr