C-TRM (CISO)

The Secretary General (SG) area ensures that the business follows external and internal rules and policies, as well as internal controls, thereby protecting business activities and employees from non-compliance risks.

At Natixis in Portugal, SG provides specialized services worldwide for Natixis and Groupe BPCE.

With growing security threats and ever-increasing regulatory complexity, our information security and risk practices continue to expand. As part of our technology risk management framework, the C-TRM will help to ensure that appropriate risk management policies exist and are implemented to safeguard business activities at Natixis in Portugal. The role will work in close liaison with Head Office to ensure, where appropriate, that Group policies are incorporated locally.

This role sits within the Secretary General area and will report directly to the Manager of SG Support at Natixis in Portugal.

Main tasks and goals:

As a control function, the CTRM is independent from the Technology operational units. It is directly accountable to the management body and responsible for monitoring and controlling adherence to the Technology Risk Management (TRM) framework.

The CTRM will:

  • Establish and communicate Natixis’ governance, risk and control strategies, frameworks and policies;
  • Identify, manage, measure and monitor technology risks with regard to business impacts, threats and weaknesses;
  • Determine the criticality of the technology assets in coordination with the first line of defence;
  • Provide oversight and independent challenge to the first line through an effective, objective assessment that is evidenced and documented where material;
  • Identify, assess and communicate relevant regulatory changes;
  • Ensure activities are compliant with applicable laws and regulations;
  • Monitor and report on compliance with the Natixis Technology Risk Appetite and policies;
  • Escalate technology risk issues in a timely manner;
  • Provide training, tools, and advice to support the first line in carrying out its accountabilities;
  • Promote a strong risk management culture.

- Graduation in Engineering, Management or Finance;
- Technology Risk Management;
- Information Security Management;
- Governance and technical aspects of data classification, data protection, cyber security, access management, SIEM and incident management;
- Outsourcing project management;
- Establishing risk-based security policies;
- Fluent in English.

Other Requisites:
- French is a plus;
- Sense of ownership and responsibility;
- Ability to challenge the status quo and advocate a risk-based approach to controls;
- Creativity, initiative and result-driven orientation;
- Ability to deal with senior management.

Our workplace reflects the vibrant spirit of our locations, with initiatives such as a Green Transportation Budget, electric bikes and a flexible Hybrid Work Policy. We promote wellbeing through the Honolulu Wellness Club, a Prayer Room, a Lactation Room, and themed Villages that inspire creativity and collaboration. Through our ESG and DEI strategies, we are committed to being inclusive, caring, and fair, ensuring every voice is heard and valued.

Natixis in Portugal is fully integrated in the global organization of Natixis, a French multinational financial services firm specialized in Asset & Wealth Management, Corporate & Investment Banking, Insurance and Payments. A subsidiary of Groupe BPCE, Natixis counts nearly 16.000 employees across 38 countries.

Based in Porto, the Natixis Centre of Expertise's mission is to transform traditional banking by developing innovative solutions for the bank’s business, operations and work culture worldwide, as a key driver of the company’s culture of agility and innovation. Teams of IT and Banking Support Activities work in an integrated, inclusive and transversal way, supporting all the business lines and country platforms.

Natixis in Portugal is the best combination of a “start-up mindset” with a large, solid structure. Its unique culture gives true meaning to a “beyond banking” personality: to be a real entrepreneur, self-challenging, ever striving to excel and go that extra mile.
