Cloud Risk and Cyber Security Senior Officer

March 18, 2024

Cloud Risk and Cyber Security Senior Officer


  • Standard / Permanent
  • PT-11-Lisbon
Apply for this job

About the job

  • This role is in alignment with 2LoD involvement required on BNP Paribas dedicated hybrid Cloud that is core of Cloud Strategy. The scope of the role involves developing, implementing and managing:

    1)     Cloud technology risk and operational risk management framework including Cloud security controls, operational risk management procedures, standards and processes for identifying, assessing, monitoring, reporting and mitigating operational risks related to dedicated Cloud.

    2)     Periodic and ad hoc reviews of cloud security controls to ensure they are integrated and operating effectively by the cloud security risk profile solutions

          3)    Cloud risk register with Cloud security control and risk assessments integrated for Cloud risk reporting to CROs, operational risk officers of poles and entities, IT Group Cloud and Cloud security teams, Cloud service providers, internal and external auditors on operational risk matters.


Your Main Activities Are

  •     Lead and coordinate Cloud technology and operational risk identification, assessment, monitoring, reporting and mitigation activities for the dedicated Cloud using appropriate tools and methodologies

  • Develop and maintain the Cloud technology and operational risk management framework, policies, standards, procedures and controls for the Dedicated Cloud services in alignment with BNP Paribas 1LoD and 2LoD risk management policies
  • Coordinate and manage the Cloud technology and risk governance structure including committees, forums and reporting lines for the Dedicated Cloud services
  • Periodic (weekly, monthly, quarterly, half yearly, annual) and ad hoc reports and dashboards on the Cloud technology and operational risk profile, trends, issues, incidents and remediation action plans for the dedicated Cloud services to senior management, risk management committees, supporting regulatory reporting, internal and external auditors
  • Provide Cloud security expert advice and guidance to CRO, operational risk officers, IT Group Cloud program, Group CISO, IT Group production teams, cloud service providers, internal and external auditors on Cloud technology and operational risk matters including risk assessments, controls, testing, audits and remediation
  • Participate in multiple Group Cloud program and operations governance committees for Cloud security controls and risk management with Operational Risk officers, IT Group Cloud Program, Group CISO, IT Group Production teams, Cloud service provider, Independent Software Vendors (ISVs) etc. covering topics of Cloud security & ICT risks, Cloud adoption, operational security, remediation actions, etc
  • Coordinate with operational risk officers of poles and entities for move to Cloud technology and operational risks
  • Review and update minimum baseline Cloud security controls in collaboration with IT Group Production security teams, Cloud security experts, Operational risk officers, ICT risk officers, etc
  • Review and update process and workflow for monitoring and reporting of compliance to minimum baseline dedicated hybrid Cloud security controls on Cloud security posture management solutions in collaboration with IT Group Production teams, Cloud service provider, ICT risk officers, operational risk officers, etc
  • Identify, review and update risk reporting template and metrics for Cloud security and risks of dedicated hybrid cloud services (Infrastructure, platform, software, containers, etc.) and applications using dedicated hybrid cloud services
  • Develop and identify and update risk reporting methods using automated solutions, leveraging existing or new solutions of Governance, Risk and Compliance (GRC) tools for dedicated hybrid Cloud services asset register, risk register, remediation tracking, etc. Cloud Security Posture Management solutions, operational risk management solutions, IT service management solutions, reporting & dashboard solutions, etc
  • Overall high quality report writing, documentation and presentation for dedicated hybrid Cloud security topics of operational risk frameworks and operating models, cloud security baseline controls, identifying control gaps, residual risks, questions to identify root causes, risk implications, short term and long term remediation measures, recommendations and appropriate risk opinions

Profile and Skills to Success

  • Good knowledge of ICT risks, IT Control, Information Security, Business Continuity, IT operations and IT Audit and assessment methodologies and concepts
  • Experience working with ICT risks, business continuity, IT Management and operations, IT risk and IT audit teams
  • Ability to articulate risk management concepts in business language
  • Excellent written and verbal communication (English)
  • Proficient with Microsoft Office Suite
  • Prior experience documenting tool requirements to support risk management
  • Ability to travel to BNP Paribas and vendor sites, and perform assessments as necessary
  • Proven ability to manage issues through to resolution; skilled at making judgment calls
  • Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times
  • Industry certifications (e.g. CISA, CRISC, COBIT) or willingness to obtain the same
  • Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework
  • Multilingual capability is a plus

About the Team

  • IT Risk and Cyber Security Officer’s mission is to ensure IT and Cyber risks are managed properly. It plays a key role in securing information systems. By monitoring, detecting, investigating, analyzing, and responding to security events, this Officer is focused in the adaptations, deployment and maintenance of the IT and Cyber Risk Management Reference Framework


Why joining BNP Paribas?

· Leading banking institution

BNP Paribas is a leader in the Eurozone, and a prominent international banking institution with strong roots in Europe’s banking history. It has a presence in 65 countries, with around 190 000 Employees – including more than 145 000 in Europe.

 · Our presence in Portugal

Since 1985, BNP Paribas was one of the first foreign banks to operate in the country. Today, the Group has around 7.100 employees across several entities operating directly in the territory, offering a wide range of integrated financial solutions to support its clients and their businesses.

· International reach

Thanks to its international presence and regular and close collaboration among its different entities, BNP Paribas has the resources to support all clients with financing, investment, savings and protection solutions that help make their projects a success. BNP Paribas holds key positions in its three core operating divisions:

  • Retail Banking, a division that brings together all of the Group’s retail activities and specialized business lines;
  • Investment & Protection Services that include specialized businesses offering a wide range of savings, investment and protection services;
  • Corporate & Institutional Banking division that offers tailored financial solutions for corporate and institutional clients.

· Diversity and Inclusion commitment

BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.

· Commitment towards work/life balance

At BNP Paribas we care about our employees wellbeing and promote a culture of good integration between work and rest. We believe our employees have rich personal lives outside of work, being fundamental to be disconnected from work to recharge both physically and mentally. Only through this balance we may all be at our best while working.

· Remote Working Conditions

At BNP Paribas, we embrace a Smart Working framework based on trust, autonomy and collaboration. Within this framework, eligible employees can benefit from flexible remote working modalities adapted to our hybrid working environment. To guarantee a comfortable and efficient working set-up, eligible employees are provided with both the office and home equipment, are entitled to an equipment allowance and can benefit from exclusive partnerships to purchase additional equipment at reduced prices.

To find out more on why you should join BNP Paribas visit

* Please note that only applications submitted in English will be considered.

* In case you are selected for this role, further documentation will be requested to support your hiring process. 

Offers you may be interested in