Cloud Risk and Cyber Security Senior Officer - Lisboa, Portugal - BNP Paribas

BNP Paribas
BNP Paribas
Empresa verificada
Lisboa, Portugal

há 1 mês

João Santos

Postado por:

João Santos

Recrutador de beBee
Descrição

About the job


This role is in alignment with 2LoD involvement required on BNP Paribas dedicated hybrid Cloud that is core of Cloud Strategy.

The scope of the role involves developing, implementing and managing:
1) Cloud technology risk and operational risk management framework including Cloud security controls, operational risk management procedures, standards and processes for identifying, assessing, monitoring, reporting and mitigating operational risks related to dedicated Cloud.

2) Periodic and ad hoc reviews of cloud security controls to ensure they are integrated and operating effectively by the cloud security risk profile solutions

3) Cloud risk register with Cloud security control and risk assessments integrated for Cloud risk reporting to CROs, operational risk officers of poles and entities, IT Group Cloud and Cloud security teams, Cloud service providers, internal and external auditors on operational risk matters.


Your Main Activities Are
Lead and coordinate Cloud technology and operational risk identification, assessment, monitoring, reporting and mitigation activities for the dedicated Cloud using appropriate tools and methodologies

Develop and maintain the Cloud technology and operational risk management framework, policies, standards, procedures and controls for the Dedicated Cloud services in alignment with BNP Paribas 1LoD and 2LoD risk management policies

Coordinate and manage the Cloud technology and risk governance structure including committees, forums and reporting lines for the Dedicated Cloud services

Periodic (weekly, monthly, quarterly, half yearly, annual) and ad hoc reports and dashboards on the Cloud technology and operational risk profile, trends, issues, incidents and remediation action plans for the dedicated Cloud services to senior management, risk management committees, supporting regulatory reporting, internal and external auditors

Provide Cloud security expert advice and guidance to CRO, operational risk officers, IT Group Cloud program, Group CISO, IT Group production teams, cloud service providers, internal and external auditors on Cloud technology and operational risk matters including risk assessments, controls, testing, audits and remediation


Participate in multiple Group Cloud program and operations governance committees for Cloud security controls and risk management with Operational Risk officers, IT Group Cloud Program, Group CISO, IT Group Production teams, Cloud service provider, Independent Software Vendors (ISVs) etc.

covering topics of Cloud security & ICT risks, Cloud adoption, operational security, remediation actions, etc

Coordinate with operational risk officers of poles and entities for move to Cloud technology and operational risks

Review and update minimum baseline Cloud security controls in collaboration with IT Group Production security teams, Cloud security experts, Operational risk officers, ICT risk officers, etc

Review and update process and workflow for monitoring and reporting of compliance to minimum baseline dedicated hybrid Cloud security controls on Cloud security posture management solutions in collaboration with IT Group Production teams, Cloud service provider, ICT risk officers, operational risk officers, etc


Develop and identify and update risk reporting methods using automated solutions, leveraging existing or new solutions of Governance, Risk and Compliance (GRC) tools for dedicated hybrid Cloud services asset register, risk register, remediation tracking, etc.

Cloud Security Posture Management solutions, operational risk management solutions, IT service management solutions, reporting & dashboard solutions, etc

Overall high quality report writing, documentation and presentation for dedicated hybrid Cloud security topics of operational risk frameworks and operating models, cloud security baseline controls, identifying control gaps, residual risks, questions to identify root causes, risk implications, short term and long term remediation measures, recommendations and appropriate risk opinions


Profile and Skills to Success
Good knowledge of ICT risks, IT Control, Information Security, Business Continuity, IT operations and IT Audit and assessment methodologies and concepts

Experience working with ICT risks, business continuity, IT Management and operations, IT risk and IT audit teams

Ability to articulate risk management concepts in business language

Excellent written and verbal communication (English)

Proficient with Microsoft Office Suite

Prior experience documenting tool requirements to support risk management

Ability to travel to BNP Paribas and vendor sites, and perform assessments as necessary

Proven ability to manage issues through to resolution; skilled at making judgment calls

Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times

Industry certifications (e.g. CISA, CRISC, COBIT) or willingness to obtain the same

Works itera
Mais empregos da BNP Paribas
Ver todos os empregos de BNP Paribas