Product Catalog Coordinator

Descripción del trabajo Third Party Risk IT & Cybersecurity Auditor

Who are we?

We are South Europe Technologies (S.ET), the IT, Data and Operations Shared Service Center of BNP Paribas Personal Finance, with delivery centers in Spain and Portugal, providing the best solutions to BNPP PF entities around the world such as Cetelem (specialized, between others, in financial partnership of major retailers, consumer goods companies and car dealerships).

Among other services, our portfolio is composed of : Applications Management (Architecture, Project Management, Development, and Quality Assurance), IT Risks Cybersecurity Services, Platforms Management, Data Analytics and AI, Operations. Our offices are in Spain (Madrid) and Portugal (Lisbon, Porto). The company brings together over 200+ employees, with expertise in various technologies (Java, .Net, Python, Tibco, APIGee) and other operational roles (Functional Analyst, Project Manager, Business Analyst, Auto Stock Financing operators). We keep growing!

About the job

Main responsibility : Governance and management of IT Risk and Cybersecurity controls, your tasks would be to support cybersecurity assessments based on ISO 27001 Norm. In this context, your functions will be :

1. Perform and coordinate meetings with stakeholders of different entities (customers).
2. Perform and coordinate meetings with stakeholders of third parties (auditees).
3. Evaluate the cybersecurity and risk management maturity level of third parties (auditees) which provides services to BNPP entities.
4. Review provided evidence supporting third party answers to a control questionnaire.
5. Prepare reports and consolidate the main risks identified.

What it is in for you :

A great international team providing services all around the world for BNP Paribas Personal Finance subsidiaries. Good perspective for growth : Service catalog is enlarged year after year in order to fulfil all the needs of BNP Paribas Personal Finance entities.

What we are looking for :

You have minimum four years of proven working experience in the field (auditing or governance of IT and Cybersecurity risks and controls). Student / graduated of a computer science related career. Proven experience with the definition of action plans for identified risks. Knowledge of standards like ISO27005 or ISO27001. Understanding of information security and cyber risks related to the banking sector is a plus. Certifications such as CISM, CRISK, CISA, ISO27001LA are a nice to have. Structured analyst, capable to embrace and use data analytics to assess risks, scope audits and test controls. Customer and service oriented (service delivery will be the heart of the activity). You are a Problem-Solving and Decision-Making person, who :

• Demonstrates advanced analytical and diagnostic skills dealing with issues that are ambiguous, lack known precedent or appear contradictory.
• Sees the big picture and is fully aware of technology and business directions.
• Has department, corporate and group objectives in focus while identifying and removing barriers.

Skills :

Behavioural Skills : Attention to detail / Rigour, Communication skills - Oral written, Planning skills

Transversal Skills : Analytical ability, Ability to manage a project, Critical thinking

Tools - Methodologies - Technologies : MS Office Pack (Microsoft Excel, Word, Power Point)

Language skills : Proficient in English (Reading and writing - B2 minimum). Nice to have : French (Reading and writing).

About our culture :

We are proud to create, maintain and develop business solutions for BNP Paribas Group entities around the world, while keeping a high level of service and providing added value to our customers. Working in an Inclusive and Multicultural environment, we encourage everyone to develop their talents and skills, offering various career opportunities and internal mobility programs, within local SET teams or in other entities within the Group. We value our employees' experience by keeping a well-balanced environment with flexibility regarding the work schedule and care for everyone's personal time. We embraced a hybrid way of working because we believe social connection always adds value to our day-to-day activities.

Benefits :

Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries. Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity). Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities. Flexible compensation plan. Hybrid telecommuting model (50%). 31 vacation days.