It And Cybersecurity Risk Officer

Working as IT and Cybersecurity Officer, the successful candidate will be engaged in all areas of the business part of Euronext group and will mainly focus in IT and CyberSecurity across the Group. Non-IT perimeter is also to be considered, even though this is not the first dimension of the role, but can evolve in middle term.He/She will integrate a team of Risk and BCM expert and can leverage on their expertise and knowledge of the organisation.He/She will contribute in implementing the company's policies and ensuring the consistency of the Risk Management Framework, such as:support in identifying and documenting with the business and the local coordinators (located in the operational teams, first line of defense) the various risks the company may faceparticipate in risk review on strategic or important project, as well as on third party providerssupport on developing risk profiles and key risk indicatorsPreparing risk reportsupport in promoting Risk across the group: providing training materials and performing awareness sessions to key stakeholders, supporting local coordinators in their group guidelines implementationparticipate to GRC tool enhancement (benchmark of new tools leading to potential new tool deployment, updating internal powerBI dashboard…)In addition, he/she will also be supporting Business Continuity Management enhancement in the group by:consolidating and challenging BCM documentation provided by local BCM coordinators, mainly on the IT and cybersecurity department, with a specific focus on Disaster Recovery procedure and Business Continuity Plan to respond to IT and Cybersecurity scenario (unavailability of datacenter, ransomware attack…)aligning Business Continuity Management deliverables with IT practice to ensure building a coherent and synchronized approach in terms of critical asset and resiliency test.participate to group crisis exercise & follow remediation planThe candidate need to have GRC/Risk management background, as well as a technical security background and will work closely with information security and IT teams at the Euronext Group. The candidate must have strong stakeholder management skills and be prepared to interact with top management, as well as with local teams.Within the Risk & Compliance department, a team of more than 40 talented professionals in Risk, BCM, Internal Control and Compliance, spread across our various geographies, is ensuring to preserve the value assets and reputation of the company. Identifying and assessing risks, implementing mitigation actions, informing and raising staff and business awareness, monitoring and ensuring compliance with the appropriate regulations are the core activities embedded in our team.In this department, Operational Risk & Business Continuity Management team is covering the second line of defense function on Risk for IT, Cybersecurity, HR, Procurement and other transversal departments, as well as maintaining the appropriate Business Continuity maturity in the group. The stakeholders are located in all Euronext entities (Paris, Porto, Milan, Oslo, New York, Dublin, Copenhagen…).Key accountabilities:Coordinate risk management works for IT and InfoSec departments, supporting in assessing and managing the risk with key stakeholders in the departments.Review and advise on the internal security practices with industry best practices and security frameworks commensurate with strategy and the expectations of our clients and regulators. The implementation is made by the cybersecurity teams.Produce risk profile and report on the second line of defence opinion on cybersecurity risk and cybersecurity and IT governance model, presenting these to senior managers as required.Assist in the development, management and monitoring of IT and cybersecurity key risk indicators across Euronext.Support the team to align BCM and IT/Cybersecurity processes (risk scenario to cover, critical asset database, recover testing strategy…)Participate to the implementation of the cyber resilience framework with InfoSec team (i.e. crisis management, infrastructure and data recovery process)Coordinate the preparation of crisis management exercise with external providersContribute to the evolution of BCM & ERM frameworks (templates, documentation…)Promote Risk & BCM training and awareness at Euronext, mainly for BCM & risk coordinators (update training documentation, deliver training session)Required Skills & Experience:Minimum 5 years' experience in an ICT risk management (or compliance/audit experience).Knowledge of applicable international security standards and framework regulation (e.g. DORA, NIS2)Experience within the financial sector will be a considerable benefit.Ability to articulate complex security and privacy concepts to business users.Strong stakeholder management skillsStrong communication and presentation skills with the ability to communicate effectively with all levels including senior executives, both orally and in writing.Delivery focused, with an ability to synthesize and organize informationExcellent written and verbal communications skills.Excellent organizational skills.Ability to work well under pressure and prioritize workload appropriatelyMust be able to work well alone or as part of a team(Desirable) security industry certificationsFluent English requiredEuronext Values:Unity:We respect and value the people we work withWe are unified through a common purposeWe embrace diversity and strive for inclusionIntegrity:We value transparency, communicate honestly and share information openlyWe act with integrity in everything we doWe don't hide our mistakes, and we learn from themAgility:We act with a sense of urgency and decisivenessWe are adaptable, responsive and embrace changeWe take smart risksEnergy:We are positively driven to make a difference and challenge the status quoWe focus on and encourage personal leadershipWe motivate each other with our ambitionAccountability:We deliver maximum value to our customers and stakeholdersWe take ownership and are accountable for the outcomeWe reward and celebrate performanceWe are proud to be an equal opportunity employer. We do not discriminate against individuals on the basis of race, gender, age, citizenship, religion, sexual orientation, gender identity or expression, disability, or any other legally protected factor. We value the unique talents of all our people, who come from diverse backgrounds with different personal experiences and points of view and we are committed to providing an environment of mutual respect.Additional Information:This job description is only describing the main activities within a certain role and is not exhaustive. It does not prevent to add more tasks, projects.
#J-18808-Ljbffr