Cybersecurity Auditor FR

Main Tasks:

As a Cybersecurity Auditor, you will be responsible for evaluating and improving the effectiveness of our information security systems and processes.

Your key duties will include:

• Conducting comprehensive audits of our internal subsidiaries or 3rd parties, based on cybersecurity policies, procedures and controls to ensure compliance with regulatory requirements and banking industry standards;

• Identifying security-related vulnerabilities and weaknesses in BNPP subsidiaries/3rd parties’ information systems and recommending appropriate corrective actions;

• Collaborating with cross-functional teams to develop and implement robust security measures that protect our organization's data and assets;

• Preparing detailed audit reports, presenting findings, and providing actionable recommendations to senior management;

• Staying up-to-date with the latest cybersecurity trends, threats, and technologies to ensure our organization remains at the forefront of security best practices.

Technical Skills:

• Risk Knowledge & outsourcing awareness - Practice

• Knowledge of data protection regulatory landscape, internal policies and standards - Practice

• General knowledge on IT topics, or IT Risk and Cyber Security - Expert

• Knowledge of major frameworks, issues and developments regarding Law and Regulation (beginner) - Notions

• Cybersecurity - Expert

• NIST Cybersecurity Framework (CSF) - Expert

• Audit Methodologies - Expert

• Capabilities to perform scans, configuration reviews, writing automated control scripts - Expert

Language Skills:

• English – Mastery

• French – Mastery

Soft Skills:

• Ability to Synthesize/Simplify

• Ability to Analyze

• Communication Skills - Oral & Written

• Proactive, act as a critical thinker

• Ability to explain and manage the Change

• Ability to understand a predefined Governance and Methodology, to elaborate transversal processes • Ability to lead a meeting, seminar, committee

• Ability to establish and activate networks

• Ability to negotiate

• Ability to set up criteria to define and analyze risk levels