Location:Lisbon or Porto
Job Description:
We are seeking to complement and reinforce its existing teams in the areas of IT risk management, Cybersecurity and the fight against Digital Fraud.
Candidate Profile:
A bachelor's degree in computer science, information technology, or a related field
Experience level: At least 5 years of audit (preferably within the banking or financial services industry), experienced profile is expected
Any relevant certification (e.G. ISO ***********, CISA, CISM, CISSP)
Relevant experience related to Third Party Risk Management or Outsourcing is a strong plus
Strong analytical and problem-solving skills, with the ability to think critically and identify potential security risks.
Excellent communication and interpersonal skills, with the ability to effectively convey complex technical information to non-technical stakeholders.
Within IT Group, the Cybersecurity & Digital Fraud (CDF) Department's mission aims to structure, strengthen and harmonize IT Risk management and Cybersecurity for the overall Group:
Define the vision and strategy for IT risk management and cybersecurity, and ensuring the implementation of this strategy within the Group's operating entities,
Monitor the security of the Group's information systems,
Steer the IT Continuity and Resilience strategy and methodological framework.
The evolving Cyberthreats landscape increases the security risk of financial sector that leads to strengthen its Cybersecurity maturity, IT risk management and Operation Resilience.
Within IT Group Cybersecurity & Digital Fraud (CDF) department, you will be part of the extended team in Portugal, specifically the Assurance & Trust team, composed of experts in DLP (Data Leakage Prevention), Penetration Testers & Red Teamers, and Vulnerability Management Specialists.
Our auditor team is currently located in Paris and willing to expand in Portugal (both Lisbon & Porto).
You will have 2 main missions:
Cybersecurity Assessment on internal subsidiaries
Cybersecurity assessment for entities, allowing in-the-field & accurate evaluation of their IS Security risks & vulnerabilities.
3rd parties' Audit
3rd parties' security audits on main providers (e.G.: cloud services providers such as MS O365, AWS, Worldline, etc.).
Travels are expected, mostly in Europe, but US and APAC organizations could also be audited
If you are a proactive and dedicated professional with a passion for cybersecurity, we would love to hear from you.
We look forward to potentially welcoming you to our team and working together to ensure the highest levels of security and compliance within our organization.
Main Tasks:
As a Cybersecurity Auditor, you will be responsible for evaluating and improving the effectiveness of our information security systems and processes.
Your key duties will include:
Conducting comprehensive audits of our internal subsidiaries or 3rd parties, based on cybersecurity policies, procedures and controls to ensure compliance with regulatory requirements and banking industry standards;
Identifying security-related vulnerabilities and weaknesses in subsidiaries/3rd parties' information systems and recommending appropriate corrective actions;
Collaborating with cross-functional teams to develop and implement robust security measures that protect our organization's data and assets;
Preparing detailed audit reports, presenting findings, and providing actionable recommendations to senior management;
Stayingup-to-date with the latest cybersecurity trends, threats, and technologies to ensure our organization remains at the forefront of security best practices.
Technical Skills:
Risk Knowledge & outsourcing awareness - Practice
Knowledge of data protection regulatory landscape, internal policies and standards - Practice
General knowledge on IT topics, or IT Risk and Cyber Security - Expert
Knowledge of major frameworks, issues and developments regarding Law and Regulation (beginner) - Notions
Cybersecurity - Expert
NIST Cybersecurity Framework (CSF) - Expert
Audit Methodologies - Expert
Capabilities to perform scans, configuration reviews, writing automated control scripts - Expert
Language Skills:
English – Mastery
French – Mastery