Junior Security Risk Officer (French Speaker) | SG

The Groupe BPCE DSG provides the second line of defense (LoD2) regarding IT risks (including cyber risk), business continuity, safety of staff and premises and external fraud.

The Groupe BPCE DSG oversights all the entities of the Group.

The TRM center of expertise (CE TRM) coordinates LoD2 operations (risk analysis, level 2 controls, action plans, security reviews, etc.) for all group establishments that have adopted the Technology Risks Management (TRM) model.

The DSG works in close collaboration with the entities of the Group (BPCE-IT, BPCE SI, IT departments of Natixis and BPCE SA, etc.), and the Operational Risk departments.

The G-TRM team at Natixis Portugal oversees operating level 2 controls of TRM type for all the entities covered by CE TRM. These L2 controls are related to all taxonomies covered by CE-TRM and policies validated on BPCE Groupe.

Key tasks and objectives

Take responsibility for carrying out LoD2 control operations. 

Follow up on remediations in case of non-compliance. 

Identify potential improvements and share them with CE TRM.

Gap analysis and refinement of use cases for relevant threat response.

Ensure continuous improvement of level 2 permanent controls level

Develop and maintain the technology risk management framework, policies, and procedures.

Develop and maintain comprehensive reports on level 2 permanent controls compliance level.

Communicate effectively with stakeholders to report on the status of level 2 permanent controls.

What we require of you

Strong background across the wide security landscape

Analysis skills to assess security tools to improve BPCE security by design framework

Evidence of a strong understanding of securing a software development life cycle

Significant experience in a role with all IaaS / SaaS / Cloud; specifically AWS and MS Azure

You will be in close cooperation with all the players in the second line of defense teams (Information system Security, Legal, Business Continuity, Data Privacy) and other IT Departments

We would expect you to have

Degree in one of these areas: Cybersecurity; IT Engineer; Managing IT Systems

Fluency in English and Good level of French (Mandatory);

Advanced Knowledge of Drive (Archer); MS Excel; PowerBI; Splunk.

Certification of other security or IS audit standard (preferred)

a good knowledge of information systems and technologies.

a critical and result-oriented mindset.

been able to demonstrate your autonomy and proactiveness.

knowledge of the banking and insurance sectors.

Experience with Power BI and Excel.

Knowledge of regulatory requirements and industry standards related to technology risk management such as ISO27001.

Results oriented.

Comfortable communicating with various stakeholders and senior management.

Our workplace reflects the vibrant spirit of our locations, with initiatives such as a Green Transportation Budget, electric bikes and a flexible Hybrid Work Policy. We promote wellbeing through the Honolulu Wellness Club, a Prayer Room, a Lactation Room, and themed Villages that inspire creativity and collaboration. Through our ESG and DEI strategies, we are commit to being inclusive, caring, and fair, ensuring every voice is heard and valued.