Who are we?

We are South Europe Technologies (S.ET); the IT, Data and Operations Shared Service Center of BNP Paribas Personal Finance (PF), with delivery centers in Spain and Portugal, providing the best solutions to BNPP PF entities around the world such as Cetelem (specialized, between others, in financial partnership of major retailers, consumer goods companies and car dealerships).

Among other services, our portfolio is composed of:
* Applications Management (Architecture, Project Management, Development, and Quality Assurance).
* IT Risks & Cybersecurity Services.
* Platforms Management.
* Data Analytics and AI.
* Operations.

Our offices are in Spain (Madrid) and Portugal (Lisbon, Porto). The company brings together over 200+ employees, with expertise in various technologies (Java, .Net, Python, Tibco, APIGee) and other operational roles (Functional Analyst, Project Manager, Business Analyst, Auto Stock Financing operators). We keep growing!

Our consistent track record of services delivery means comfort for our customers and opportunities for our employees.

You will find SET to be full of energy and an Inclusive Workplace in which you truly can make a difference.

Would you like to join our international team that delivers end-to-end solutions (applications and operations activities) to businesses of BNP Paribas Personal Finance Group entities around the world?

In a context of maintaining the high level of existing activities while growing the number of international customers, we are looking for our Information Security Analyst!

ABOUT THE JOB

MAIN RESPONSIBILITIES

Information Security Analyst is responsible to drive IT security activities under local CISO supervision. The key responsibilities are:

Security governance:

• Managing the implementation and follow-up of the cybersecurity program and security on-going initiatives as.

• Support in the identification of security initiatives and in the preparation of CyberProgram.

• Ensure security policies/procedures are implemented across all the units and processes.

• Develop and maintain cybersecurity policies and procedures to ensure their alignment with the Group rule and standards.

Application security and secure development:

• Define the security requirements for the design and maintenance of an applications and support the teams during the projects and evolutions.

• Support project teams in the definition of the security profile of each asset and review it periodically.

• Perform security assessment on the new assets will be transferred to SET and provide GAP analysis with the group requirements. Participate in the on-boarding activities as security point of contact.

• Conduct periodical security reviews with the technical teams to identify risks and improvement points, ensuring compliance with the group security requirements.

• Follow-up that the security risks are addressed by the teams and that the technological, architectural or design-related decisions will not lead to any violation of the corporate security guidelines/policies.

• Vulnerability management (code security, vulnerability scans, pentest) and support teams to define and follow-up remediation actions.

• Assist in the security risk management, establishing mitigation measures and supporting in the management of exception and escalations within the risk management process.

• Assist developers in the management of security vulnerabilities in the application layer and promote cyber-culture and secure development good practices into the technical teams

• Prepare and conduct awareness material and sessions to spread the knowledge on the group policies and procedures and secure development best practices.

Risk and generic controls

- Execute periodic IT security controls based on evidence collection following the IT Control campaign calendar and guidelines provided by the group.

Steering and reporting:

• Follow-up operational cybersecurity status monitoring services provided by other areas in the Group (patching, vulnerabilities, implementation of security tools, etc.)

• Collect and monitor indicators and support in the preparation of reports and committees based on indicators, main alerts and risks, etc.

REQUIREMENTS

1 year of experience in IT security, including the following skills:

• Experience working with ServiceNow

• Experience in leading/delivering risk assessments and scenario analysis.

* Languages

- Fluent level of English is a must.
- Any other European language is nice to have.

SKILLS

BUSINESS SKILLS

• Comprehensive explanations of security issues.

• Definition and implementation of security requirements for application design and maintenance.

• Performing information security risk assessments.

• IT Risk and cybersecurity frameworks knowledge: NIST, ISO27001, etc.

BEHAVIOURAL SKILLS

• Good stakeholder and relationship management skills.

• Communication Skills - Oral & Written.

• Ability to collaborate / Teamwork.

• Proactive.

TRANSVERSAL SKILLS

• Analytical Ability.

• Ability to manage / facilitate a meeting, seminar, committee, training...

ABOUT OUR CULTURE:

We are proud to create, maintain and develop business solutions for BNP Paribas Group entities around the world, while keeping a high level of service and providing added value to our customers.

Working in an Inclusive and Multicultural environment, we encourage everyone to develop their talents and skills, offering various career opportunities and internal mobility programs, within local SET teams or in other entities within the Group.

We value our employees´ experience by keeping a well-balanced environment with flexibility regarding the work schedule and care for everyone´s personal time.

We embraced a hybrid way of working because we believe social connection always adds value to our day-to-day activities.

BENEFITS

* Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
* Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
* Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
* Flexible compensation plan.
* Hybrid telecommuting model (50%).
* 31 vacation days.