General information
Organisation
At 31 December 2023, the Dexia Group will have around 500 members of staff. In addition to Brussels and Paris, the Group has a limited international presence in Ireland, Italy and the United States.
The Dexia Group is in orderly resolution as a bank until 31 December 2023. In July 2023, the Group applied for the withdrawal of the banking and investment services authorisations of Dexia (formerly Dexia Crédit Local), which was approved by the European Central Bank in December 2023, with an implementation date of 1 January 2024.
Since 1 January 2024, Dexia (formerly Dexia Crédit Local) has therefore continued its orderly resolution as a non-bank.
Dexia offers great diversity and a real transversality of business lines and missions which enrich the professional experience of its members of staff.
Joining Dexia is a promise to evolve in a dynamic environment and to stimulate your career by developing new skills!
Reference
2024-411
Position description
Job title
Information Systems Security and Business Continuity Officer M/F
Contract type
CDI
Job description
The Information Systems Security and Business Continuity Officer plays a key role in the system to prevent and manage operational risks.
They are the Group authority with respect to information system security.
They are the central point of contact for all questions regarding cybersecurity.
They are the privileged interlocutor for all aspects related to business continuity and information systems security.
As a result, they define the information systems security rules in a balanced and pragmatic way.
They indicate the actions to be undertaken and the security controls that must be carried out on a recurring basis.
They provide proactive expertise on matters of cybersecurity.
They ensure the existence of a resilient organisation to secure infrastructure and applications. They prioritise the measures required to strengthen security and reduce network obsolescence.
They coordinate cybersecurity incident resolution and maintain an active watch on all areas related to cybersecurity.
Lastly, they ensure the smooth operation of the Group business continuity and crisis management system.
The position holder will be responsible for the following tasks:
- Definition of standards (policies and procedures) with regard to information system security and business continuity to ensure the overall governance of ISS (IS Security)/BCP (Business Continuity Plan) operational risks.
- Assessment of ISS/BCP risks (mapping); monitoring of ISS/BCP risks via Key Risk Indicators (KRI), in particular, for the Risk Appetite Framework (RAF); coordination and monitoring of ISS/BCP risk remediation actions. Analysis and management of security incidents; methodology watch.
- Management of authorisations and logical access via the Identity Access Management (IAM) tool; monitoring of access control.
- Awareness raising among employees of information system risks to prevent the risk of fraud (awareness raising campaigns, internal communication initiatives to highlight rules of use).
- Definition of crisis scenarios and development of business continuity plans (PCA/BCP) for all Dexia HO activities; assistance to operational departments for the definition of their needs in terms of continuity (RTO/RPO, remote access, criticality, etc.); management of critical and important service providers; management of operational management procedures for the BCP (PCA).
- Preparation and leadership of the internal information system security and business continuity committee with the representatives of the operations departments (dashboard, monitoring of recurring actions, monitoring of current projects impacting IS and business continuity). Participation in information systems security management committees with the principal service providers.
- Participation in the strategic transformation projects of the bank for IS Security and Business Continuity; interactions with the operational departments, the audit, compliance and permanent control departments, the banking supervisor
Profile
We are looking for candidates who have graduated from a post-secondary Information Systems Engineering programme with at least 10 years’ experience in Information Systems Security as well as management experience.
Candidates are expected to master NIST standards and cybersecurity tools.
French and English are the languages used on a daily basis.
Fluency in office automation tools is required (Word, Excel, PowerPoint).
Candidates are expected to be intellectually meticulous, have analytical and summarising skills, excellent organisational, relationship and communication skills.
Position location
Job location
Europe, France, Ile-de-France, Paris (75)
Location
Paris