Location: Lisbon or Porto

Job Description:

• IT Group (ITG) is the function that coordinates the IT departments of the bank's functions and businesses worldwide, helps them implement the IT strategy defined for the Group, and adopt innovative, secure, and value-added tools and technologies for its clients (cloud, artificial intelligence & robotics, data management, blockchain, etc.).
• The ITG function itself is divided into several IT departments, including Cybersecurity and Digital Fraud (CDF), which is responsible for monitoring Cyber risks in the Information System to ensure the security of the Bank and its clients.
• Within CDF, you will join the CISO AI & Data team, whose main role is to manage Cyber risks for the “AI & IT Innovation” department (A3I) as well as define the AI and Data Cyber governance within the Group.

Missions:

• The Cybersecurity Officer has an overview of the information systems of the organization, implementation and optimisation of IT security for IT teams and employees.
• He/she supports the operational teams in carrying out security actions and ensures the follow-up of action plans.
• He/she supports A3I department as they mature to comply with IT security requirements.
• He/she supports the CISO in animating and steering the cybersecurity sector.

Main Tasks:

• Contribute to the drafting and implementation of security policies
• Analyze technologies' security risks (data security, identity and access security, cloud…), security tools and services, assess their impacts and make recommendations
• Participate in the development of security policies and organizational guidelines
• Ensure that policies are aligned with the organization's objectives
• Work with all cyber and IT teams
• Support operational teams in the implementation of cyber action plan
• Reporting to management
• Develop security indicators and dashboards for the perimeter
• Supervise the testing and validation of internal security controls as directed by the CISO or the internal audit team
• Support the CISO in animating the AI & Data Cyber Governance / committee preparation & Community animation

Specific:

• Assist in creating a comprehensive overview of the Applications managed by this department, including a precise inventory of the Risks Assessments, Security documentations, and other pentests associated with each of these Applications.
• Follow up, in coordination with the department's ITRO, the transfer of legacy AP codes and associated
• Risks (CMDB & GRC) into the ServiceNow structure attached to A3I.
• Participate to the Risk Assessments of Solutions offered by A3I.
• Assist in monitoring the department's Risk remediation plans and in setting up the risks Committees.
• Contribute to improving the security governance of the Group solutions proposed by A3I.
• Review the access requests submitted by A3I’s Staff (Iwave, MyAccess, Mobisubscribe, etc.).

Technical Skills:

• 10 years of professional experience in cybersecurity
• Good understanding of AI, its potential and impact, and a good knowledge of infrastructure security
• IT risk management and analysis
• National Institute of Standards and Technology Cybersecurity Framework (NIST), cyber risk analysis frameworks (e.g.: EBIOS RM) or methodology as ISO 27001