Cybersecurity Auditor

Cybersecurity Auditor
Lisboa
Lisboa, Lisboa, Portugal

Location: Lisbon or Porto

Job Description:

We are seeking to complement and reinforce its existing teams in the areas of IT risk management, Cybersecurity and the fight against Digital Fraud.

Candidate Profile:

• A bachelor's degree in computer science, information technology, or a related field
• Experience level: At least 5 years of audit (preferably within the banking or financial services industry), experienced profile is expected
• Any relevant certification (e. g. ISO 27001/27005, CISA, CISM, CISSP)
• Relevant experience related to Third Party Risk Management or Outsourcing is a strong plus
• Strong analytical and
  - solving skills, with the ability to think critically and identify potential security risks.
• Excellent communication and interpersonal skills, with the ability to effectively convey complex technical information to
  - technical stakeholders.

Within IT Group, the Cybersecurity & Digital Fraud (CDF) Department's mission aims to structure, strengthen and harmonize IT Risk management and Cybersecurity for the overall Group:

• Define the vision and strategy for IT risk management and cybersecurity, and ensuring the implementation of this strategy within the Group’s operating entities,
• Monitor the security of the Group's information systems,
• Steer the IT Continuity and Resilience strategy and methodological framework.

The evolving Cyberthreats landscape increases the security risk of financial sector that leads to strengthen its Cybersecurity maturity, IT risk management and Operation Resilience.

Within IT Group Cybersecurity & Digital Fraud (CDF) department, you will be part of the extended team in Portugal, specifically the Assurance & Trust team, composed of experts in DLP (Data Leakage Prevention), Penetration Testers & Red Teamers, and Vulnerability Management Specialists. Our auditor team is currently located in Paris and willing to expand in Portugal (both Lisbon & Porto). You will have 2 main missions:

• Cybersecurity Assessment on internal subsidiaries
• Cybersecurity assessment for entities, allowing
  -
  - field & accurate evaluation of their IS Security risks & vulnerabilities.
• 3rd parties’ Audit
• 3rd parties’ security audits on main providers (e. g. : cloud services providers such as MS O365, AWS, Worldline, etc. ).

Travels are expected, mostly in Europe, but US and APAC organizations could also be audited

If you are a proactive and dedicated professional with a passion for cybersecurity, we would love to hear from you.

We look forward to potentially welcoming you to our team and working together to ensure the highest levels of security and compliance within our organization.

Main Tasks:

As a Cybersecurity Auditor, you will be responsible for evaluating and improving the effectiveness of our information security systems and processes. Your key duties will include:

• Conducting comprehensive audits of our internal subsidiaries or 3rd parties, based on cybersecurity policies, procedures and controls to ensure compliance with regulatory requirements and banking industry standards;
• Identifying
  - related vulnerabilities and weaknesses in subsidiaries/3rd parties’ information systems and recommending appropriate corrective actions;
• Collaborating with
  - functional teams to develop and implement robust security measures that protect our organization's data and assets;
• Preparing detailed audit reports, presenting findings, and providing actionable recommendations to senior management;
• Staying
  -
  - date with the latest cybersecurity trends, threats, and technologies to ensure our organization remains at the forefront of security best practices.

Technical Skills:

• Risk Knowledge & outsourcing awareness - Practice
• Knowledge of data protection regulatory landscape, internal policies and standards - Practice
• General knowledge on IT topics, or IT Risk and Cyber Security - Expert
• Knowledge of major frameworks, issues and developments regarding Law and Regulation (beginner) - Notions
• Cybersecurity - Expert
• NIST Cybersecurity Framework (CSF) - Expert
• Audit Methodologies - Expert
• Capabilities to perform scans, configuration reviews, writing automated control scripts - Expert

Language Skills:

• English – Mastery
• French – Mastery