General Information
Description
BNP PARIBAS, the leading bank in the European Union and a leading international player, is seeking to complement and reinforce its existing teams in the areas of cybersecurity.
Within the EMEA IT Risk and Cybersecurity Office, part of the IT Directorate of BNP Paribas Corporate and Investment Bank (CIB), you will be part of the CIB Ethical Hacking team.
You will play a key role in ensuring the seamless delivery of pentest campaigns for CIB across all pentest services (Applications, API, Infrastructure and Mobile), contributing to the identification and remediation of vulnerabilities in CIB systems and to the overall level of security of CIB, with the support of regional relays.
Global Service Lead of Penetration Test
Responsibilities:
- Oversee and maintain the highest level of quality of service and ensure coordination for CIB Worldwide, while verifying that pentests comply with CIB internal policies and regulatory requirements, with the support of regional relays (AMER/APAC pentest coordination and delivery teams).
- Provide strategic direction to, and directly manage the operations of, the EMEA pentest coordination team, which is managed by the EMEA pentest coordination Team Lead reporting directly to him/her, to ensure timely delivery, quality, technical reviews and coordination of pentests delivered for EMEA.
- Ensure risk‑based testing prioritization and threat‑model alignment.
- Lead the formalization of an annual pentest book of work and ensure its validation by relevant stakeholders for CIB worldwide with the support of regional relays.
- Oversee CIB Global pentest budget consolidation to ensure adequate use of the budget in line with CIB needs and priorities.
- Conduct performance reviews of the external and internal pentest suppliers to enforce continuous improvement of the service.
- Oversee and maintain data quality in the reporting tools, ensure production of measures, KPIs and KRIs and regular updates with the support of regional relays, support reporting for audits (internal and external), and follow the KPIs/KRIs and controls requested by CIB internal procedures.
- Propose and implement processes and service delivery KPIs/KRIs improvements to contribute to the evolution, efficiency and governance of the global service.
Requirements:
- At least 8-10 years of experience in a similar position (pentest service delivery).
- Strong experience in pentest and related cybersecurity practices.
- Strong experience in services delivery and team management in worldwide organizations.
- Problem-solving mindset and hands-on experience in international process/procedure implementation.
- Ability to manage/facilitate a meeting or committee, comfortable presenting to C‑suite and regulatory bodies.
- Ability to collaborate seamlessly with, and coordinate services tied to, teams operating in multiple countries.
- Excellent written and verbal communication skills in English.
- Level of education: Bachelor's degree or equivalent experience in computer science/cybersecurity.
- Certifications (must have at least one): OSCP, OSCE, CREST‑CRT, CREST + CCT, CISSP, CISM, GIAC GPEN or equivalent.
- Experience in banking or financial services—especially with a global investment bank—is considered an asset.
- Strategic, risk‑based thinking that leverages data and metrics to drive decisions.
- Nice‑to‑have: Prior experience as an advisor to the CISO or as a member of a risk‑steering committee, and hands‑on red‑team/purple‑team expertise, threat modeling or exploit development.
We offer:
- Hybrid work mode
- Allowance for remote work expenses (120 PLN per month)
- Stable employment in an international company
- Fully paid private medical care for the employee
- Pre-paid lunch card
- Employee Pension Plan
- Co-financed Multisport Card
- MyBenefit Cafeteria Platform
- Life insurance
- Car parking availability in the office building
- Training and development opportunities