Junior Security Risk Officer (French Speaker) | SG at Natixis in Portugal

Porto, , Portugal -

Full Time

Start Date

Immediate

Expiry Date

16 Jul, 26

Salary

0.0

Posted On

17 Apr, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Cybersecurity, Risk analysis, IT risk management, Cloud security, AWS, MS Azure, Software development life cycle, Archer, MS Excel, PowerBI, Splunk, ISO27001, Information systems, Compliance, Stakeholder management

Industry

IT Services and IT Consulting

Description

Company Description Natixis in Portugal is a Centre of Expertise whose mission is to transform traditional banking by developing innovative solutions for the business, operations and work culture of Groupe BPCE worldwide. As part of Groupe BPCE’s international division, Natixis in Portugal designs and delivers solutions for its two core areas — Corporate & Investment Banking and Asset & Wealth Management — as well as transversal services that support all entities across the Group. With more than 3,000 employees representing 46 nationalities, the teams work across Information Technology, Banking Support Activities, and Compliance, in an integrated, inclusive, and cross-functional way, supporting all business lines and platforms of the Group. A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem. Job Description The Groupe BPCE DSG provides the second line of defense (LoD2) regarding IT risks (including cyber risk), business continuity, safety of staff and premises and external fraud. The Groupe BPCE DSG oversights all the entities of the Group. The TRM center of expertise (CE TRM) coordinates LoD2 operations (risk analysis, level 2 controls, action plans, security reviews, etc.) for all group establishments that have adopted the Technology Risks Management (TRM) model. The DSG works in close collaboration with the entities of the Group (BPCE-IT, BPCE SI, IT departments of Natixis and BPCE SA, etc.), and the Operational Risk departments. The G-TRM team at Natixis Portugal oversees operating level 2 controls of TRM type for all the entities covered by CE TRM. These L2 controls are related to all taxonomies covered by CE-TRM and policies validated on BPCE Groupe. Key tasks and objectives: Take responsibility for carrying out LoD2 control operations. Follow up on remediations in case of non-compliance. Identify potential improvements and share them with CE TRM. Gap analysis and refinement of use cases for relevant threat response. Ensure continuous improvement of level 2 permanent controls level Develop and maintain the technology risk management framework, policies, and procedures. Develop and maintain comprehensive reports on level 2 permanent controls compliance level. Communicate effectively with stakeholders to report on the status of level 2 permanent controls. What we require of you Strong background across the wide security landscape Analysis skills to assess security tools to improve BPCE security by design framework Evidence of a strong understanding of securing a software development life cycle Significant experience in a role with all IaaS / SaaS / Cloud; specifically AWS and MS Azure You will be in close cooperation with all the players in the second line of defense teams (Information system Security, Legal, Business Continuity, Data Privacy) and other IT Departments Qualifications We would expect you to have: Degree in one of these areas: Cybersecurity; IT Engineer; Managing IT Systems Fluency in English and Good level of French (Mandatory); Advanced Knowledge of Drive (Archer); MS Excel; PowerBI; Splunk. Certification of other security or IS audit standard (preferred) a good knowledge of information systems and technologies. a critical and result-oriented mindset. been able to demonstrate your autonomy and proactiveness. knowledge of the banking and insurance sectors. Experience with Power BI and Excel. Knowledge of regulatory requirements and industry standards related to technology risk management such as ISO27001. Results oriented. Comfortable communicating with various stakeholders and senior management. Additional Information Our workplace reflects the vibrant spirit of our locations, with initiatives such as a Green Transportation Budget, electric bikes and a flexible Hybrid Work Policy. We promote wellbeing through the Honolulu Wellness Club, a Prayer Room, a Lactation Room, and themed Villages that inspire creativity and collaboration. Through our ESG and DEI strategies, we are commit to being inclusive, caring, and fair, ensuring every voice is heard and valued.

Responsibilities

The role involves carrying out second line of defense control operations and following up on non-compliance remediations. You will also develop and maintain technology risk management frameworks while reporting on compliance levels to stakeholders.