Chief Information Security Officer
Job description
Mission context
Axepta BNP Paribas is looking for an experienced and hands-on Chief Information Security Officer (CISO) to lead the cybersecurity and IT risk management efforts at our payment institution. The ideal candidate will possess deep knowledge of cybersecurity principles, risk management practices, and regulatory requirements, and will be responsible for ensuring the confidentiality, integrity, and availability of our systems and sensitive customer data. This is a role with direct responsibility for designing, implementing, and maintaining a comprehensive information security strategy while working closely with both technical and non-technical teams across the organization and the BNP Paribas Group.
Function description
The CISO will be part of the IT team of Axepta BNP Paribas and will report to the CIO.
Key Responsibilities
Cyber security strategy and governance
- Implement a cybersecurity vision and strategy aligned with organizational priorities that enables and facilitates the organization's business objectives, and secure senior stakeholder buy-in and mandate.
- Define a governance structure for cybersecurity within the first line of defense, consistent with the BNP Paribas Group IT Governance and its associated principles.
- Create and manage, jointly with the CIO, a unified and flexible reference framework (policies, requirements, indicators, control plans, guidelines) that integrates and normalizes the wide variety of ever-changing technologies and requirements resulting from global laws, standards and regulations.
- Chair and prepare the quarterly ISSC (Information Security Steering Committee).
IT Risk management
- Lead risk assessments and vulnerability management to identify and mitigate risks to the company's IT systems and infrastructure.
- Provide recommendations to mitigate risks related to new technology deployments and regulatory compliance.
- Follow the progress of the cybersecurity program and of IT risk remediation plans, and report that progress to the CIO and the second line of defense.
- Monitor the company's external security posture and provide security monitoring of critical third parties.
- Lead the IT security risk activities in collaboration with the ITRO and CRO, and provide the consolidated IT security risk dashboard to the Risk Committee.
- Follow up on the closure of recommendations from internal and external IT security audits and reviews.
- Coordinate the answers to regulators' requests on cybersecurity and IT security risk management subjects.
Security operations & incident response
- Oversee the day-to-day operations of the information security program, ensuring continuous monitoring of systems, networks, and data.
- Provide expertise and support on cybersecurity, IT risk management, and related topics such as asset inventories, including information assets held in cloud services and by third parties.
- Work together with the BNPPF CISO team to coordinate the response to cyber incidents and crises, and follow the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security incident.
- Work together with the BNPPF CISO team on Axepta BNP Paribas' communication with authorities and regulators in case of cyber incidents.
Cyber security projects (focus on DORA) and expertise sharing
- Provide expertise and support to IT and business departments (during strategic project development reviews, penetration testing, red teaming, new business activities…), together with CIO and BNPPF CISO guidance on cybersecurity topics (network, cryptography, data, endpoints, application development, etc.).
- Watch for and anticipate cybersecurity and IT risks linked to emerging technologies, and promote those new technologies that can better protect the company, with the support of the BNPPF CISO team.
- Ensure that cybersecurity and IT risk management are embedded in the project delivery process by providing the appropriate information security and IT risk management policies, practices and guidelines.
- Work with the purchasing department, procurement office, and supplier management teams to ensure that information security and IT risk management requirements are included in master contracts.
Security awareness and training
- Build the necessary internal networks within the company and the BNP Paribas Group (risk management, line-of-business executives, Compliance, Legal, Inspection Générale, and HR management teams) to ensure alignment as required.
- Stay in contact with external peers to address common trends, findings, and cybersecurity and IT risks.
- Manage a targeted information security and IT security risk management awareness and training program for all employees and contractors, with content tailored to the different departments and to business executives.
Requirements
Language requirements
- Dutch: Preferred
- French: Preferred
- English: Fluent
Education
- Degree in cybersecurity or risk management.
Certification
- Relevant certifications (e.g. CISM, CISSP, ISO 27001 Lead Implementer, or NIS2 and GDPR practitioner certifications).
Telework
- Expectation: 60% on site (Tuesday, Thursday + 1 day of choice) & 40% homeworking
Required experience / knowledge
- The ideal candidate will be a team player with excellent organizational and communication skills, a strong grasp of cloud technologies, and a commitment to delivering high quality.
Hands-On Technical Expertise:
- Strong technical background in network security, system administration, and hands-on experience with security tools and technologies (firewalls, IDS/IPS, SIEM, encryption, etc.). Experience with cloud security, SaaS products, and securing payment systems.
Risk Management Experience:
- Proven experience in IT risk management, including conducting risk assessments, vulnerability management, and implementing risk mitigation strategies with ideally proven capability of managing third party risks.
Regulatory Knowledge:
- Familiarity with payment industry regulations such as DORA, PCI DSS, GDPR, and other relevant data protection and security standards.
Strategic oversight:
- Ability to reconcile the cybersecurity program with ongoing initiatives while ensuring alignment with the BNP Paribas Group.
Leadership and Communication:
- Strong leadership skills with the ability to communicate complex security concepts to non-technical stakeholders, including executive leadership and the board.
- Stakeholder management including regulatory facing.
Ownership:
- Within a small organization such as Axepta BNP Paribas, it is important to act proactively and take ownership.
Experience:
- Minimum of 5 to 7 years of experience in information security, with at least 3 years in a leadership role, preferably in a financial services environment.
Nice to have:
- Familiarity with payment institutions and understanding of the unique security challenges in the financial services industry.