Requirements: English
Company: Argus
Region: be ,
Mission Context: Axepta BNP Paribas is seeking an experienced and hands-on Chief Information Security Officer (CISO) to lead the cybersecurity and IT risk management efforts within our payment institution. The successful candidate will bring deep expertise in cybersecurity principles, risk management practices, and regulatory compliance to ensure the confidentiality, integrity, and availability of systems and sensitive customer data. This role involves direct responsibility for designing, implementing, and maintaining a comprehensive information security strategy. The CISO will work closely with both technical and non-technical teams across the organization and within the BNP Paribas Group.

Function Description: The CISO will be part of the IT team at Axepta BNP Paribas and will report to the CIO.

Key Responsibilities:

Cybersecurity Strategy and Governance:
- Implement a cybersecurity vision and strategy based on organizational priorities, aligning with business objectives and ensuring senior stakeholder buy-in and mandate. Define and establish a governance structure for cybersecurity within the first line of defense, consistent with BNP Paribas Group IT governance and principles.
- Collaborate with the CIO to create and manage a unified and flexible referential framework (policies, requirements, indicators, control plans, guidelines) to address the wide variety of evolving technologies, global laws, standards, and regulations.

IT Risk Management:
- Lead risk assessments and vulnerability management efforts to identify and mitigate risks to the company's IT systems and infrastructure.
- Provide recommendations to mitigate risks associated with new technology deployments and ensure regulatory compliance.
- Monitor progress of cybersecurity programs and IT risk remediation plans, providing status updates to the CIO and the 2nd Line of Defense.
- Monitor external security posture and provide security monitoring for critical third parties.
- Lead IT security risk activities in collaboration with ITRO and CRO, delivering a consolidated IT security risk dashboard to the Risk Committee.
- Oversee the closure of IT security audits and reviews, addressing internal and external recommendations.
- Coordinate responses to regulators' inquiries on cybersecurity and IT security risk management.

Security Operations & Incident Response:
- Oversee the day-to-day operations of the information security program, ensuring continuous monitoring of systems, networks, and data.
- Provide expertise and support on cybersecurity, IT risk management, and connected topics, including asset inventories for information assets in cloud services and third parties.
- Support the BNPPF CISO team in coordinating responses to cyber incidents and crises, and ensure the implementation of incident response plans to recover business-critical services after a security event.
- Coordinate communication with authorities and regulators in the event of cyber incidents.

Cybersecurity Projects and Expertise Sharing (Focus on DORA):
- Lead the information security and third-party risk management streams in the DORA program.
- Provide expertise and support to departments (IT and business) during strategic project development, penetration testing, red teaming, and reviews of new business activities, alongside CIO and BNPPF CISO guidance on cybersecurity topics.
- Anticipate cybersecurity and IT risks linked to emerging technologies and advocate for technologies that can better protect the company, with support from the BNPPF CISO team.
- Ensure cybersecurity and IT risk management are embedded in project delivery processes by providing appropriate policies, practices, and guidelines.
- Collaborate with the procurement and supplier management teams to ensure information security and IT risk management requirements are included in master contracts.

Security Awareness and Training:
- Build internal networks within the company and BNP Paribas group, ensuring alignment across risk management, business executives, compliance, legal, and HR management teams.
- Engage with external peers to address common cybersecurity trends, findings, and IT risks.
- Manage a targeted cybersecurity and IT security risk management awareness and training program for all employees, contractors, and business executives.

Education:
- Background in Cybersecurity, Risk Management

Certifications:
- Relevant certifications (CISM, CISSP, NIS2, GDPR, ISO 27001 Lead Implementer)

Required Experience / Knowledge:
- Hands-On Technical Expertise: Strong technical background in network security, system administration, and hands-on experience with security tools and technologies (firewalls, IDS/IPS, SIEM, encryption, etc.). Experience with cloud security, SaaS products, and securing payment systems.
- Risk Management Experience: Proven experience in IT risk management, including conducting risk assessments, vulnerability management, and implementing risk mitigation strategies. Ideally, the candida