Junior Security Risk Officer (French Speaker) | BPCE-IT
Natixis • Porto
Publicado em 07/04/2026 às 12:01
Full-time
Informática (Gestão de Redes)
Descrição da Vaga
Company Description
Natixis in Portugal is a Centre of Expertise whose mission is to transform traditional banking by developing innovative solutions for the business, operations and work culture of Groupe BPCE worldwide.
As part of Groupe BPCE’s international division, Natixis in Portugal designs and delivers solutions for its two core areas — Corporate \& Investment Banking and Asset \& Wealth Management — as well as transversal services that support all entities across the Group.
With more than 3,000 employees representing 46 nationalities, the teams work across Information Technology, Banking Support Activities, and Compliance, in an integrated, inclusive, and cross-functional way, supporting all business lines and platforms of the Group.
A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.
Job Description
The Groupe BPCE DSG provides the second line of defense (LoD2) regarding IT risks (including cyber risk), business continuity, safety of staff and premises and external fraud.
The Groupe BPCE DSG oversights all the entities of the Group.
The TRM center of expertise (CE TRM) coordinates LoD2 operations (risk analysis, level 2 controls, action plans, security reviews, etc.) for all group establishments that have adopted the Technology Risks Management (TRM) model.
The DSG works in close collaboration with the entities of the Group (BPCE-IT, BPCE SI, IT departments of Natixis and BPCE SA, etc.), and the Operational Risk departments.
The G-TRM team at Natixis Portugal oversees operating level 2 controls of TRM type for all the entities covered by CE TRM. These L2 controls are related to all taxonomies covered by CE-TRM and policies validated on BPCE Groupe.
Key tasks and objectives:
Take responsibility for carrying out LoD2 control operations.
Follow up on remediations in case of non-compliance.
Identify potential improvements and share them with CE TRM.
Gap analysis and refinement of use cases for relevant threat response.
Ensure continuous improvement of level 2 permanent controls level
Develop and maintain the technology risk management framework, policies, and procedures.
Develop and maintain comprehensive reports on level 2 permanent controls compliance level.
Communicate effectively with stakeholders to report on the status of level 2 permanent controls.
What we require of you
Strong background across the wide security landscape
Analysis skills to assess security tools to improve BPCE security by design framework
Evidence of a strong understanding of securing a software development life cycle
Significant experience in a role with all IaaS / SaaS / Cloud; specifically AWS and MS Azure
You will be in close cooperation with all the players in the second line of defense teams (Information system Security, Legal, Business Continuity, Data Privacy) and other IT Departments
Qualifications
We would expect you to have:
Degree in one of these areas: Cybersecurity; IT Engineer; Managing IT Systems
Fluency in English and Good level of French (Mandatory);
Advanced Knowledge of Drive (Archer); MS Excel; PowerBI; Splunk.
Certification of other security or IS audit standard (preferred)
a good knowledge of information systems and technologies.
a critical and result-oriented mindset.
been able to demonstrate your autonomy and proactiveness.
knowledge of the banking and insurance sectors.
Experience with Power BI and Excel.
Knowledge of regulatory requirements and industry standards related to technology risk management such as ISO27001\.
Results oriented.
Comfortable communicating with various stakeholders and senior management.
Additional Information
Our workplace reflects the vibrant spirit of our locations, with initiatives such as a Green Transportation Budget, electric bikes and a flexible Hybrid Work Policy. We promote wellbeing through the Honolulu Wellness Club, a Prayer Room, a Lactation Room, and themed Villages that inspire creativity and collaboration. Through our ESG and DEI strategies, we are commit to being inclusive, caring, and fair, ensuring every voice is heard and valued.
Natixis in Portugal is a Centre of Expertise whose mission is to transform traditional banking by developing innovative solutions for the business, operations and work culture of Groupe BPCE worldwide.
As part of Groupe BPCE’s international division, Natixis in Portugal designs and delivers solutions for its two core areas — Corporate \& Investment Banking and Asset \& Wealth Management — as well as transversal services that support all entities across the Group.
With more than 3,000 employees representing 46 nationalities, the teams work across Information Technology, Banking Support Activities, and Compliance, in an integrated, inclusive, and cross-functional way, supporting all business lines and platforms of the Group.
A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.
Job Description
The Groupe BPCE DSG provides the second line of defense (LoD2) regarding IT risks (including cyber risk), business continuity, safety of staff and premises and external fraud.
The Groupe BPCE DSG oversights all the entities of the Group.
The TRM center of expertise (CE TRM) coordinates LoD2 operations (risk analysis, level 2 controls, action plans, security reviews, etc.) for all group establishments that have adopted the Technology Risks Management (TRM) model.
The DSG works in close collaboration with the entities of the Group (BPCE-IT, BPCE SI, IT departments of Natixis and BPCE SA, etc.), and the Operational Risk departments.
The G-TRM team at Natixis Portugal oversees operating level 2 controls of TRM type for all the entities covered by CE TRM. These L2 controls are related to all taxonomies covered by CE-TRM and policies validated on BPCE Groupe.
Key tasks and objectives:
Take responsibility for carrying out LoD2 control operations.
Follow up on remediations in case of non-compliance.
Identify potential improvements and share them with CE TRM.
Gap analysis and refinement of use cases for relevant threat response.
Ensure continuous improvement of level 2 permanent controls level
Develop and maintain the technology risk management framework, policies, and procedures.
Develop and maintain comprehensive reports on level 2 permanent controls compliance level.
Communicate effectively with stakeholders to report on the status of level 2 permanent controls.
What we require of you
Strong background across the wide security landscape
Analysis skills to assess security tools to improve BPCE security by design framework
Evidence of a strong understanding of securing a software development life cycle
Significant experience in a role with all IaaS / SaaS / Cloud; specifically AWS and MS Azure
You will be in close cooperation with all the players in the second line of defense teams (Information system Security, Legal, Business Continuity, Data Privacy) and other IT Departments
Qualifications
We would expect you to have:
Degree in one of these areas: Cybersecurity; IT Engineer; Managing IT Systems
Fluency in English and Good level of French (Mandatory);
Advanced Knowledge of Drive (Archer); MS Excel; PowerBI; Splunk.
Certification of other security or IS audit standard (preferred)
a good knowledge of information systems and technologies.
a critical and result-oriented mindset.
been able to demonstrate your autonomy and proactiveness.
knowledge of the banking and insurance sectors.
Experience with Power BI and Excel.
Knowledge of regulatory requirements and industry standards related to technology risk management such as ISO27001\.
Results oriented.
Comfortable communicating with various stakeholders and senior management.
Additional Information
Our workplace reflects the vibrant spirit of our locations, with initiatives such as a Green Transportation Budget, electric bikes and a flexible Hybrid Work Policy. We promote wellbeing through the Honolulu Wellness Club, a Prayer Room, a Lactation Room, and themed Villages that inspire creativity and collaboration. Through our ESG and DEI strategies, we are commit to being inclusive, caring, and fair, ensuring every voice is heard and valued.
Precisa de estar logado para se candidatar.
Login para Candidatar