The Information and Communications Technology Risk department is part of the Group Risk Functions within BNP Paribas. It is a part of the 2nd line of defence under the Bank’s Enterprise Risk Management and Chief Operational Risk Officer. The department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions. Our work involves following initiatives, for example: 

- Application & Infrastructure Risk Assessments working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks

- Tracking issues and agreed actions to completion

- Horizontal and Vertical Risk Assessments

– Assessing technology risks in relation to a particular theme or technology across the third party suppliers. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.

- Assessing risks to a product, service, technology or infrastructure. For instance, we may complete a vertical assessment on our remote working solution (including Infrastructure, applications, data, threats etc.) or our Internet connectivity.

- Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.

About the job

Integrated in the Global Iberian Centre of Excellence, and as a Cyber Risk Intelligence Analyst, the candidate will play a critical role in safeguarding BNP Paribas information systems by managing external attack surfaces, assessing cyber risks for corporate clients, and delivering critical emerging risk reports. You will leverage advanced tools such as External Attack Surface Management (EASM) alongside open-source intelligence to ensure robust security practices and compliance with regulatory demands in the UK and US

The position is based in Porto reporting directly to the Global RISK ORM Iberian Centre of Excellence and functionally to Head of Cyber Risk Intelligence, Emerging Technology Operational Risks and Intelligence, located in London

Your Main Activities Are

External Attack Surface Management:

• Utilise Qualys EASM to monitor and manage external attack surfaces effectively.
• Conduct thorough investigations to identify and evaluate threats, vulnerabilities, and remedial actions in collaboration with our Cyber Defence Facility (CDF) colleagues.
• Maintain and reconcile external asset inventory, including integration with public cloud services, SaaS, and alternative inventory platforms.
• Develop strategies for the continuous improvement of security posture and reduction of risk exposure.

Credit Cyber Risk Assessment:

• Lead the delivery of Cyber Risk Assessments for corporate clients to identify potential cybersecurity vulnerabilities.
• Foster ongoing collaboration and training with credit risk officers globally to enhance their understanding and management of cyber risk in credit operations.
• Develop and implement risk assessment frameworks that adhere to internal standards and regulatory requirements.

Risk Horizon Reporting:

·       Produce and deliver the Risk Horizon report, which provides a comprehensive analysis of emerging technology risks that could impact various facets of our business.

This task involves scanning the technological landscape for emerging trends and potential threats, including those related to cybersecurity, artificial intelligence, quantum computing, and other innovative technologies. Maintain a high standard of reporting, ensuring that findings and strategic recommendations are clearly communicated, actionable, and aligned with our global risk management framework.

Profile and Skills to Success

Qualifications:

• Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or a related field.
• Proven experience in cybersecurity, particularly in roles focusing on external attack surface management, risk assessment, or intelligence analysis.
• Certification in cybersecurity such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP), or Global Information Assurance Certification (GIAC).
• Additional certifications such as ISACA Risk and Information Systems Control (CRISC), NIST Cybersecurity Framework (NCSF), or CompTIA Security+ are highly desirable.

Skills:

• Technical Proficiency: Proficient in using cybersecurity tools like Qualys EASM and a broad array of security platforms. Comprehensive understanding of security protocols, threat intelligence systems, and vulnerability management processes. Familiarity with frameworks such as NIST, ISO 27001, and others essential for effective cybersecurity management. Ability to identify, assess, and mitigate vulnerabilities within a variety of computing environments.
• Analytical Thinking: Strong analytical skills with a keen ability to assess complex data, identify patterns and vulnerabilities, and devise effective, actionable solutions.
• Communication Skills: Excellent communication skills, both written and verbal, with the ability to produce detailed, clear, and actionable reports. Proficiency in explaining complex security risks and concepts to non-technical stakeholders.
• Problem Solving: Robust problem-solving skills with a proactive approach to identifying risks and implementing preventative strategies.
• Project Management: Ability to lead projects, manage timelines effectively, and collaborate with teams across different geographical locations.
• Adaptability and Learning: Ability to quickly adapt to new technologies and continuously update knowledge in a rapidly evolving field. Willingness to engage in ongoing professional development.

Why Join Us:

You will be joining a forward-thinking company that values innovation and a proactive approach to cybersecurity. We offer a competitive salary, comprehensive benefits, and opportunities for professional growth in a dynamic and supportive environment

#LI-Hybrid

Why joining BNP Paribas?

· Leading banking institution

BNP Paribas is a leader in the Eurozone, and a prominent international banking institution with strong roots in Europe's banking history. It has a presence in 65 countries, with around 190 000 Employees – including more than 145 000 in Europe.

· Our presence in Portugal

Since 1985, BNP Paribas was one of the first foreign banks to operate in the country. Today, the Group has around 7.100 employees across several entities operating directly in the territory, offering a wide range of integrated financial solutions to support its clients and their businesses.

· International reach

Thanks to its international presence and regular and close collaboration among its different entities, BNP Paribas has the resources to support all clients with financing, investment, savings and protection solutions that help make their projects a success. BNP Paribas holds key positions in its three core operating divisions:

Retail Banking, a division that brings together all of the Group’s retail activities and specialised business lines;

Investment & Protection Services that include specialised businesses offering a wide range of savings, investment and protection services;

Corporate & Institutional Banking division that offers tailored financial solutions for corporate and institutional clients.

· Diversity and Inclusion commitment

BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.

· Commitment towards work/life balance

At BNP Paribas we care about our employees wellbeing and promote a culture of good integration between work and rest. We believe our employees have rich personal lives outside of work, being fundamental to be disconnected from work to recharge both physically and mentally. Only through this balance we may all be at our best while working.

· Remote Working Conditions

At BNP Paribas, we embrace a Smart Working framework based on trust, autonomy and collaboration. Within this framework, eligible employees can benefit from flexible remote working modalities adapted to our hybrid working environment. To guarantee a comfortable and efficient working set-up, eligible employees are provided with both the office and home equipment, are entitled to an equipment allowance and can benefit from exclusive partnerships to purchase additional equipment at reduced prices.

To find out more on why you should join BNP Paribas visit https://bnpp.lk/why-BNP-Paribas-Portugal

* Please note that only applications submitted in English will be considered.

* In case you are selected for this role, further documentation will be requested to support your hiring process.