IT Risk & Cyber Security Analyst BNP Paribas (#MITP)

Employment contract:

Standard / Permanent


Madrid, Community of Madrid, Spain





BNP Paribas is an international bank with leading positions in the European market. It is present in 74 countries and employs more than 192,000 people, 146,000 of whom are in Europe. The Group holds key positions in its three main areas of activity: Domestic Markets and International Financial Services (whose retail banking and financial services network is part of Retail Banking & Services), as well as Corporate & Institutional Banking, which offers services to corporate and institutional clients. The Group supports its customers (individuals, entrepreneurs, SMEs, large companies and institutions) to help them carrying out their projects by providing financing, investment, savings and insurance services.
In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is number one in retail financing in Europe.
BNP Paribas is developing its integrated retail banking model in the Mediterranean countries, Turkey, Eastern Europe and has an important network on the US West Coast. In both its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas has leading positions in Europe, a strong presence in the Americas and a solid and growing network in the Asia-Pacific region.

The CIB IT Platform for EMEA is responsible to provide IT Services to our Clients ensuring a Digital Market evolution, in a secured and performant environment, and with a reliable quality. This function includes Global Markets Application Production, Local Territory IT Development, the Core Infrastructure environment including Datacentres, Application Production, Security, Architecture as well as elements of the Global Services organisation.

BNP Paribas IT teams are providing infrastructure, development and production support services to all applications used worldwide by all business lines. There is a great variety of technologies and infrastructures from legacy systems to cutting edge Cloud technologies.

Within BNP Paribas Group IT, the filiere Production Security is in charge of answering operationally to the challenges of cybersecurity with an end-to-end vision and consistently across the Bank.


We are looking for an IT Risk & Cyber Security Analyst in charge of assessing Cyber risks on the IT production perimeter for outsourced activities as well as a contribution of Cyber expertise in support of the CISO.


The main activities and missions will be:
• In charge of CISO activities related to Third Parties Risk Management on IT production perimeter:

o Step 1 – Cyber Risk Identification & Assessment:
§ Identify and assess the ICT and Cyber Security Risk of the activity in a context of an externalization.
§ Initiate the overall process which includes preliminary risk identification, analysis and evaluation.
§ Define / recommend activities that are adequate to the risk level to perform before the validation committee.
§ Identify ICT and cyber security need.

o Step 2 – IT Risk & Cyber Security Due Diligence:
§ Assess the compliance of the proposal of the service provided by the suppliers to the ICT applicable requirements for protecting BNP Paribas
§ Select the most suitable supplier among the shortlisted ones.

o Step 3 – Contract Negotiation
§ Formalize the applicable conditions to the service provided and the Supplier’s commitment to implement agreed Cyber Security measures.

• Proposal and validation of evolutions in the hardening rules of the security of the products used within the Group:
o Assist product owner in writing hardening rules
o Review hardening rules published previously
o Align hardening rules with other production security teams
o Coordinate the implementation of control rules
• Review and validation of the Asset Sensitivity Cards of ITGP applications
o Analyze and assess the Asset Classification from a Security perspectives
o Review the answers of Security and IT Architecture questionnaire
o Add Key requirements from Group BNPP Security framework to comply with

Technical & Behavioral Competencies
• Expertise in computer security standards and frameworks and the main IT & security risk frameworks (NIST, CIS, ISO27001, EBIOS, etc.),
• Expertise in the main types of cybersecurity incidents and how to protect against them.
• Technical expertise in IT/Cloud infrastructures, usual products and technologies
• Critical mind, good analytical and synthesis skills.
• Rigor, curiosity, autonomy, involvement, availability and taste for teamwork.
• Ability to listen and communicate to convince, adapting to one’s interlocutors.
• Ability to take a step back and formalize needs, write synthesis documents and report on work.
• Animation of transversal working groups.
• Very good command of English (written/spoken).
• French speaking will be appreciated.



Education Level: Master Degree or equivalent

At least 5 years

 •  English: fluent
 •  French: optional.

•  Ability to collaborate / Teamwork
•  Analytical Ability 
 •  Ability to set up relevant performance indicators
 •  Ability to inspire others & generate people’s commitment
 •  Analytical Ability

• Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
• Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
• Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
• Flexible compensation plan
• Hybrid telecommuting model (50%)
• 31 vacation days

Diversity and Inclusion commitment

BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.