About BNPP: 

BNP Paribas is the European Union’s leading bank and key player in international banking. We operate in 64 countries and have nearly 178,000 employees globally. 

Our mission is to contribute to a responsible and sustainable economy by financing and advising clients according to the highest ethical standards. We offer secure, sound and innovative financial solutions to individuals, professional clients, corporates and institutional investors while striving to address the fundamental challenges of today with regard to the environment, local development and social inclusion.

About BNPP in the Nordics

BNP Paribas is the global bank with the strongest presence on the ground in the Nordic region. We have close to 1000 employees based locally in the Nordics and offer our clients a wide range of services through our Group business units: BNP Paribas Corporate and Institutional Banking, Arval, BNP Paribas Asset Management, Alfred Berg, BNP Paribas Cardif, BNP Paribas Factor, BNP Paribas Leasing Solutions, and BNP Paribas Personal Finance.

BNP Paribas Corporate & Institutional Banking (CIB) offers corporates, institutions and public-sector clients a wide range of services from daily banking to value-added products and sophisticated investment banking solutions.

About this opportunity

We are looking for a highly skilled Information Security & Resilience Officer responsible for the hands-on management and oversight of ICT risks, including cybersecurity, operational resilience and third-party risk IT assessment across BNP Paribas Nordic branches. 

The role is located in Stockholm reporting to the CIB Nordics ITO CCCO.

Main scope of the role: 

• Lead and animate the regional cybersecurity community, fostering collaboration and ensuring a coordinated and harmonized approach across the region. 
• Ensure local implementation of Group frameworks and regulatory compliance. 
• Act as the main liaison with EMEA IT Risk & Cybersecurity Office and supports all Nordic business lines within and beyond CIB by promoting consistent practices. 

What you will do    

IT Risk & Cybersecurity:

• Ensure the local implementation of the Group framework cybersecurity.
• Lead the end-to-end cyber incident response by linking local teams with CSIRT, overseeing DLP/SOC monitoring, and ensuring accurate reporting of all IT-related incidents in Group tools.
• Drive ICT including ICT third-party risk management by leading risk assessments and related questionnaires, serving as SME for Group TPRM implementation and vendor-oversight alignment with Procurement team & TPRM coordinator.

Operational Resilience & Business Continuity:

• Responsible for BCM (Business Continuity Management) and CM (Crisis Management) practices locally, ensuring compliance with centrally defined standards and testing schedules.
• Facilitate regular testing and validation of Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP), ensuring consistency across all local business entities.
• Embed operational resilience considerations into local operational procedures across function and business processes.
• Contribute to regional crisis management activities, including training, and incident response coordination.

Property and Personal Security (PPS):

• Act as a regional coordinator for PPS matters, ensuring local alignment with Group PPS policies.
• Monitor local PPS compliance, incident management, and actively promote security awareness.

Strategy, Culture and Governance:

• Act as the main regional contact point between EMEA teams and local entities for cybersecurity and resilience initiatives, keeping local strategies and practices fully aligned with Group policies and key regulations (e.g DORA, GDPR).
• Regularly update and engage local senior management across all business lines, promoting a culture of cyber-awareness, operational resilience, and regulatory compliance.
• Drive knowledge-sharing and cross-functional coordination, while advising leadership on cybersecurity and resilience topics to ensure clear and actionable communication. 

Relevant experience and requirements 

• Bachelor / master’s degree in cybersecurity, risk management, IT, or related field.
• Minimum 3 years of relevant experience, preferably within banking or financial services.
• Good understanding of cybersecurity, operational resilience, and ICT regulatory frameworks, notably DORA.
• Effective interpersonal and communication skills are essential for coordinating between multiple stakeholders and business lines.
• Proactive, adaptable, and skilled at managing regional implementation of centrally defined strategies.
• Fluent in English. Fluent in one of the Nordic languages is advantageous.
• Professional certifications (CISSP, CISM, CISA) are advantageous.

Hiring Manager  

Tanguy Bret, Chief Operating Officer CIB Nordics

Khaloud Djemili, HRBP CIB 

Diversity Statement

As the Bank for a changing world, we truly believe that promoting diversity makes it better. We welcome all talents and empower them to prosper in an inclusive workplace. Join us and bring your full self to work with your own experience and identity!