IT and Cybersecurity Risk Officer

Posted:
8/28/2024, 1:42:16 AM

Location(s):
Paris, Ile-de-France, France ⋅ Porto, Portugal ⋅ Ile-de-France, France

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

Working as IT and Cybersecurity Officer, the successful candidate will be engaged in all areas of the business that are part of the Euronext group and will mainly focus on IT and cybersecurity across the Group. The non-IT perimeter is also to be considered; it is not the primary dimension of the role, but this can evolve in the medium term.

He/She will join a team of Risk and BCM experts and can draw on their expertise and knowledge of the organisation.

He/She will contribute to implementing the company’s policies and ensuring the consistency of the Risk Management Framework, for example:

  • support in identifying and documenting, with the business and the local coordinators (located in the operational teams, first line of defense), the various risks the company may face
  • participate in risk reviews of strategic or important projects, as well as of third-party providers
  • support the development of risk profiles and key risk indicators
  • prepare risk reports
  • support the promotion of Risk across the group: providing training materials and delivering awareness sessions to key stakeholders, supporting local coordinators in their implementation of group guidelines
  • participate in GRC tool enhancement (benchmarking new tools, potentially leading to a new tool deployment; updating the internal Power BI dashboard…)

In addition, he/she will support the enhancement of Business Continuity Management in the group by:

  • consolidating and challenging BCM documentation provided by local BCM coordinators, mainly in the IT and cybersecurity department, with a specific focus on Disaster Recovery procedures and Business Continuity Plans that respond to IT and cybersecurity scenarios (unavailability of a datacenter, ransomware attack…)
  • aligning Business Continuity Management deliverables with IT practice to ensure a coherent and synchronised approach to critical assets and resiliency tests
  • participating in group crisis exercises and following up on remediation plans

The candidate needs to have a GRC/Risk management background, as well as a technical security background, and will work closely with information security and IT teams at the Euronext Group. The candidate must have strong stakeholder management skills and be prepared to interact with top management, as well as with local teams.

Within the Risk & Compliance department, a team of more than 40 talented professionals in Risk, BCM, Internal Control and Compliance, spread across our various geographies, works to preserve the value, assets and reputation of the company. Identifying and assessing risks, implementing mitigation actions, informing staff and raising staff and business awareness, and monitoring and ensuring compliance with the appropriate regulations are the core activities of our team.

In this department, the Operational Risk & Business Continuity Management team covers the second line of defense function on Risk for IT, Cybersecurity, HR, Procurement and other transversal departments, and maintains the appropriate Business Continuity maturity in the group. The stakeholders are located in all Euronext entities (Paris, Porto, Milan, Oslo, New York, Dublin, Copenhagen…).

Key accountabilities

  • Coordinate risk management work for the IT and InfoSec departments, supporting key stakeholders in the departments in assessing and managing risk.
  • Review and advise on the internal security practices against industry best practices and security frameworks, commensurate with strategy and the expectations of our clients and regulators. Implementation is carried out by the cybersecurity teams.
  • Produce the risk profile and report the second line of defence opinion on cybersecurity risk and on the cybersecurity and IT governance model, presenting these to senior managers as required.
  • Assist in the development, management and monitoring of IT and cybersecurity key risk indicators across Euronext.
  • Support the team in aligning BCM and IT/Cybersecurity processes (risk scenarios to cover, critical asset database, recovery testing strategy…).
  • Participate in the implementation of the cyber resilience framework with the InfoSec team (i.e. crisis management, infrastructure and data recovery process).
  • Coordinate the preparation of crisis management exercises with external providers.
  • Contribute to the evolution of the BCM & ERM frameworks (templates, documentation…).
  • Promote Risk & BCM training and awareness at Euronext, mainly for BCM & risk coordinators (update training documentation, deliver training sessions).



Required Skills & Experience

  • Minimum 5 years’ experience in ICT risk management (or compliance/audit experience).
  • Knowledge of applicable international security standards, frameworks and regulations (e.g. DORA, NIS2)
  • Experience within the financial sector will be a considerable benefit.
  • Ability to articulate complex security and privacy concepts to business users.
  • Strong stakeholder management skills
  • Strong communication and presentation skills with the ability to communicate effectively with all levels including senior executives, both orally and in writing.
  • Delivery focused, with an ability to synthesise and organise information
  • Excellent written and verbal communication skills.
  • Excellent organisational skills.
  • Ability to work well under pressure and prioritise workload appropriately
  • Must be able to work well alone or as part of a team
  • (Desirable) security industry certifications
  • Fluent English required

Euronext Values

Unity

  • We respect and value the people we work with
  • We are unified through a common purpose
  • We embrace diversity and strive for inclusion

Integrity

  • We value transparency, communicate honestly and share information openly
  • We act with integrity in everything we do
  • We don’t hide our mistakes, and we learn from them

Agility

  • We act with a sense of urgency and decisiveness
  • We are adaptable, responsive and embrace change
  • We take smart risks

Energy

  • We are positively driven to make a difference and challenge the status quo
  • We focus on and encourage personal leadership
  • We motivate each other with our ambition

Accountability

  • We deliver maximum value to our customers and stakeholders
  • We take ownership and are accountable for the outcome
  • We reward and celebrate performance

We are proud to be an equal opportunity employer. We do not discriminate against individuals on the basis of race, gender, age, citizenship, religion, sexual orientation, gender identity or expression, disability, or any other legally protected factor. We value the unique talents of all our people, who come from diverse backgrounds with different personal experiences and points of view and we are committed to providing an environment of mutual respect.

Additional Information

This job description describes only the main activities of the role and is not exhaustive. It does not preclude the addition of further tasks or projects.