Technical Project Manager

Location: Lisbon or Porto

Job Description:

We are seeking to complement and reinforce its existing teams in the areas of IT risk management, cybersecurity and the fight against digital fraud.

Within IT Group, Informatics Directorate, the Cybersecurity & Digital Fraud Department's mission aims to structure, strengthen and harmonize IT risk management and cybersecurity for the overall Group (approximately 30 entities) and:

• defining the vision and strategy for IT risk management and cybersecurity, and ensuring the implementation of this strategy within the Group’s operating entities,
• monitoring the security of the Group's information systems,
• steering the IT Continuity and Resilience strategy and methodological framework.
• The evolving Cyberthreats landscape increases the security risk of financial sector that leads to strengthen its Cybersecurity maturity, IT risk management and Operation Resilience.
• Within IT Group Cybersecurity & Digital Fraud department, the Assurance & Trust team:
• Provides the assurance of the cyber program deployment and its effectiveness
• Ensures that security controls are performing appropriately and that sensitive IT assets are protected (Offensive Security)
• Monitors the external security posture of the Group & provide security monitoring on critical main 3rd parties
• The External Vulnerability Scanning Team works on the last topic. It is – for the Group, worldwide - responsible for scanning the internet-exposed assets, steering the Entities for remediation and maintaining the scanning tools with a contribution from the software vendors.
• Will join a dynamic and dedicated team which is distributed between Paris and Lisbon.

The missions are as follows:

• Perform vulnerability scans on all the internet-exposed assets
• Contribute to manage security ratings on all the internet-exposed assets
• Maintain the contractual relationship with software vendors
• Manage SaaS solutions for cyber vulnerability and scoring
• Build vulnerability reports and present them to the CISO Board
• Contribute to the evaluation of solutions to complement existing services
• Be the main point of contact in Portugal for onshore team

Main Tasks:

• Be the preferred External Attack Surface Management point of contact for a few entities
• Collaborate with solution providers to fix issues impacting the service (management of support tickets)
• Contribute to produce vulnerability reports and fix any issues regarding the reporting process
• Analyze, assess, and report security risks, including their impacts to all entities CISOs
• Build and analyze various reports on the vulnerabilities/ratings
• Ensure administrative tasks concerning the platforms used to scan & detect vulnerabilities (manage assets, user accounts, …)

Technical Skills:

• Ability to understand data, IT systems and cyber security risks (especially regarding Vulnerability management / Security Ratings)
• Offensive security: proficiency in hacking techniques / audit methodologies

Language Skills:

• English - Mastery
• French - Practice