27 Nov. 2023

Business Project Manager (CISO as a service Team)

Job description

Start Date: ASAP
Duration: 6 months (with possible extensions)
Location: Brussels
Context: The assignment is positioned in the CISO-as-a-Service team; its mission is to support BNPPF BE subsidiaries with developing and managing the implementation of the organization’s cyber security strategy.

The principal responsibilities of this team are:
  • Determine Cyber Risk Posture: identify and build awareness on how much risk an organization has around cybersecurity;
  • Help architect the company-wide security strategy: develop strategies to reduce this risk level as appropriate;
  • Ensure the security strategy is well aligned with the BNPP Cyber Trust program;
  • Advocate for security investments; drive the cyber program forward and steer the vision, strategy and implementation;
  • Install a Cyber Steering/Governance (incl. overseeing critical security functions); communicate with the board, executive management and external stakeholders.

Various stakeholders (contributors and their management) need to be involved in the elaboration of this strategy, roadmaps and in the definition of key actions.

Both the roadmaps and the investment priorities are bank-wide deliverables. Good communication and interaction with middle and senior management levels across all functions in the bank is therefore essential.

Another responsibility is to cultivate Cyber Culture within BNPP Fortis.

This business consultant will work directly with the Head of Department to facilitate the inner workings of the CISOaaS team.
Function Description
Responsibilities and main tasks:

(1) CISOaaS:
  • Meet regularly with BNPPF subsidiaries to review the status of their Cyber Program; ensure these are in line with BNPPF expectations/recommendations;
  • Monitor progress against plans and schedules; help in clarifying the underlying security requirements, exit criteria (when is it considered ‘done’) and expected evidence;
  • Ensure stakeholder input is aggregated in a concise, high-quality end deliverable / report that can be shared with Sr. Management and relevant keyholders (such as BNP Paribas Group);
  • Help in defining and formalizing the security services provided to other entities;
  • Support in maintaining the budgeting view (volume per service, unit price per service, consumed by which entity, forecasts, etc.);
  • Establish and maintain CISOaaS management standards, processes, and best practices, ensuring that our activities are executed efficiently and with high quality;
  • Ensure all involved uphold the team's standards throughout each activity (among others, security assessments, service definition, evidencing of security measures in place).

(2) Cyber Culture:
  • Roll out the Group awareness and training plan in order to help colleagues understand and abide by established security practices, and to recognize and react responsibly toward cyber threats;
  • Launch regular phishing campaigns to keep our colleagues ‘vigilant’ to social engineering attempts;
  • Identify if any roles require additional or more specialized training and ensure those roles receive it (e.g. High Privileged Users);
  • Serve as a consultant/advisor to security domain owners and support them with their communication and training needs;
  • Oversee the production of, and/or personally write, newsletters, surveys, …;
  • Help with providing answers to questions related to cybersecurity, whether they originate from inside or outside the organization.


Education: Master
Certification: None required, but relevant professional certifications (e.g. CISSP, CISA, CRISC) and familiarity with project management and change management frameworks (e.g. Prince2, ITIL, ADKAR) are a plus
French: Fluent
Dutch: Fluent
English: Fluent (mandatory)
Required knowledge / Experience
  • Experience in project management (5+ years)
  • Preferably, professional experience in information security (2+ years)
Business Experience Mandatory
  • Experience as management / business consultant
  • Solid analytical skills; ability to break down complex issues into their key components; strong deductive reasoning; ability to draw conclusions from a combination of evidence and assumptions.
  • Familiar with financial services industry
Technical Experience Mandatory
  • Project and portfolio management
  • Experience in information security (governance)
Soft skills
  • Good analytical and synthesis skills;
  • Quick self-starter, pro-active attitude;
  • Autonomy, commitment and perseverance;
  • Ability to work in a dynamic and multi-cultural environment;
  • Ability to overcome setbacks and difficulties; seeks (and finds) solutions;
  • Good communication and influencing skills;
  • Excellent English writing skills; must be able to write a high-quality synthesis for Sr. management;
  • Factual and results-oriented.


