Security Risk Officer Cib

**Company Description**
Natixis in Portugal is a Centre of Expertise whose mission is to transform traditional banking by developing innovative solutions for the business, operations and work culture of Groupe BPCE worldwide.

Natixis in Portugal is part of the Global Financial Services division, where it applies technology for the development of financial expertise in its two global business lines - Corporate & Investment Banking and Asset & Wealth Management - and, transversally, for the entities of Groupe BPCE.

The Centre of Expertise, based in Porto, currently has more than 2,400 employees from over 30 nationalities, organised in three main departments: Information Technology, Banking Support Activities and Compliance. These teams work in an integrated, inclusive and transversal way, supporting and creating value for all the business lines and platforms of the group. The project in Porto is one of the biggest investments in Human Resources ever made by Groupe BPCE worldwide.

A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.

In 2024, Top Employers Institute has awarded Natixis in Portugal the Top Employer Portugal accreditation for the second time. This certification recognizes excellence in people practices, following the example of our head office, in France, who was certified Top Employer France for the eight year in a row.

First Line of Defense (LoD1) IT Risk Management (ITRM) team plays a strategic role within our organization by monitoring topics related to IT Risks and by establishing operational standards in accordance with organizational policies, ensuring their effective implementation.
ITRM Lod1 team responsibilities also encompass reporting cyber and IT risk issues, developing action plans, and defining and implementing policies related to IT Asset Management (ITAM). Furthermore, we actively monitor obsolescence and vulnerabilities, supervise LoD1 controls, and assess the state of CIB & Risks, particularly in areas such as developer training on security, code vulnerabilities, and Checkmarx deployment.

**Main Tasks & Responsibilities**:

- Communicate corporate governance, risk management, control strategies, frameworks, and policies.
- Communicate effectively with stakeholders, including senior management, to report on the status of technological risks, potential vulnerabilities, and the effectiveness of risk mitigation measures.
- Report on enterprise-wide technology risks to senior management.
- Provide independent oversight and challenge of IT team choices.
- Provide training tools and advice to your perimeters and promote a strong risk management culture.
- Ensure that activities comply with applicable laws and regulations.
- Identify potential technological risks that could impact the bank's operations, including cybersecurity threats, data breaches, system failures, and other IT-related risks.
- Assess the potential impact and likelihood of technological risks and work to quantify and prioritize these risks based on their severity and potential impact on the bank's operations.
- Continuously monitor and analyze the bank's technology infrastructure and systems to identify any emerging risks or vulnerabilities that could pose a threat to the bank's operations and data security.
- Ensure that the bank's technology systems and operations comply with relevant regulatory requirements and industry standards, such as data protection regulations and cybersecurity best practices.- Develop and implement risk mitigation strategies and controls to address identified technological risks, including collaborating with IT teams to implement security measures and controls.
- Contribute to the development and implementation of technology risk management policies and procedures to ensure the bank's technology infrastructure is secure and resilient.

**Specific Responsibilities**:

- Deploy new level 1 permanent controls
- Validate and supervise the execution of level 1 permanent controls level
- Ensure continuous improvement of level 1 permanent controls level
- Develop and maintain the technology risk management framework, policies, and procedures.
- Develop and maintain comprehensive reports on level 1 permanent controls compliance level.
- Communicate effectively with stakeholders, including senior management, to report on the status of level 1 permanent controls.
- Provide training, tools, and advice to staff members to promote a strong risk management culture and awareness of technology risks.

**Qualifications**
- Bachelor's degree in Computer Science, Information Technology, or related field
- Proven experience in technology risk management within the banking or financial services industry.
- Strong understanding of technology infrastructure, security principles, and risk assessment methodologi