Location: Lisbon or Porto
Job Description:
We are seeking to complement and reinforce our existing teams in the areas of IT risk management, cybersecurity and the fight against digital fraud.
Within IT Group, Informatics Directorate, the mission of the Cybersecurity & Digital Fraud Department is to structure, strengthen and harmonize IT risk management and cybersecurity for the overall Group (approximately 30 entities). This includes:
* defining the vision and strategy for IT risk management and cybersecurity, and ensuring the implementation of this strategy within the Group's operating entities,
* monitoring the security of the Group's information systems,
* steering the IT Continuity and Resilience strategy and methodological framework.
The evolving cyberthreat landscape increases the security risk to the financial sector, which leads it to strengthen its cybersecurity maturity, IT risk management and operational resilience.
Within the IT Group Cybersecurity & Digital Fraud department, the Assurance & Trust team:
* Provides assurance of the cyber program deployment and its effectiveness
* Ensures that security controls are performing appropriately and that sensitive IT assets are protected (Offensive Security)
* Monitors the external security posture of the Group and provides security monitoring on critical main third parties
The External Vulnerability Scanning Team works on the last topic. For the Group, worldwide, it is responsible for scanning the internet-exposed assets, steering the Entities for remediation and maintaining the scanning tools with a contribution from the software vendors.
You will join a dynamic and dedicated team which is distributed between Paris and Lisbon.
The missions are as follows:
* Perform vulnerability scans on all the internet-exposed assets
* Contribute to managing security ratings on all the internet-exposed assets
* Maintain the contractual relationship with software vendors
* Manage SaaS solutions for cyber vulnerability and scoring
* Build vulnerability reports and present them to the CISO Board
* Contribute to the evaluation of solutions to complement existing services
* Be the main point of contact in Portugal for the onshore team
Main Tasks:
* Be the preferred External Attack Surface Management point of contact for a few entities
* Collaborate with solution providers to fix issues impacting the service (management of support tickets)
* Contribute to producing vulnerability reports and fix any issues regarding the reporting process
* Analyze, assess, and report security risks, including their impacts, to all entities' CISOs
* Build and analyze various reports on the vulnerabilities/ratings
* Carry out administrative tasks on the platforms used to scan & detect vulnerabilities (manage assets, user accounts)
Technical Skills:
* Ability to understand data, IT systems and cyber security risks (especially regarding Vulnerability management / Security Ratings)
* Offensive security: proficiency in hacking techniques / audit methodologies
Language Skills:
* English - Mastery
* French - Practice