Inetum is a European leader in digital services, supporting organizations as they navigate continuous technological change. The company helps clients accelerate their digital transformation through a broad portfolio that includes consulting, application services, digital engineering, cloud, cybersecurity, platforms, and infrastructure services

 One of the leading banks in the European Union and a leading international player, is seeking to complement and reinforce its existing teams in the areas of IT risk management, cybersecurity and the fight against digital fraud.

Within IT Group, Informatics Directorate of the bank, the Cybersecurity & Digital Fraud Department's mission aims to structure, strengthen and harmonize IT risk management and cybersecurity for the overall  Group (approximately 30 entities) and:

• Defining the vision and strategy for IT risk management and cybersecurity, and ensuring the implementation of this strategy within the Group’s operating entities,
• Monitoring the security of the Group's information systems,
• Steering the IT Continuity and Resilience strategy and methodological framework.

The evolving Cyberthreats landscape increases the security risk of financial sector that leads the bank to strengthen its Cybersecurity maturity, IT risk management and Operation Resilience.

Within IT Group Cybersecurity & Digital Fraud department, the Assurance & Trust team:

• Provides the assurance of the bank’s cyber program deployment and its effectiveness
• Ensures that security controls are performing appropriately and that sensitive IT assets are protected (Offensive Security)
• Monitors the external security posture of the  Group & provide security monitoring on critical main 3rd parties

The External Vulnerability Scanning Team works on the last topic. It is – for the Group, worldwide - responsible for scanning the internet-exposed assets, steering the Entities for remediation and maintaining the scanning tools with a contribution from the software vendors.

You will join a dynamic and dedicated team which is distributed between Paris and Portugal.

The missions are as follows:

• Perform vulnerability scans on all the  internet-exposed assets
• Contribute to manage security ratings on all the  internet-exposed assets
• Maintain the contractual relationship with software vendors
• Manage SaaS solutions for cyber vulnerability and scoring 
• Build vulnerability reports and present them to the CISO Board
• Contribute to the evaluation of solutions to complement existing services                                                                                                                                                                                                                                                                                                                                                                                                                              

By taking the job and joining the team, you will:

• Work on transversal activities including many interactions with Group Entities and experts on all cyber security topics
• Develop knowledge in cyber security and IT risk

For example, you could evolve in teams such as Cyber Incident Security Response Team (CSIRT/CERT) and Penetration testing team                                                           

Main Tasks:

• Be the preferred External Attack Surface Management point of contact for a few bank's entities
• Support entities on their action plan definition, technical analysis of false positives and risk assessment of vulnerabilities                                                      
• Collaborate with solution providers to fix issues impacting the service (management of support tickets)                                                 
• Contribute to produce vulnerability reports and fix any issues regarding the reporting process
• Analyze, assess and report security risks, including their impacts to all entities CISOs                                                     
• Build and analyze various reports on the vulnerabilities/ratings                                                    
• Ensure administrative tasks concerning the platforms used to scan & detect vulnerabilities (manage assets, user accounts, …)

Technical skills:

• Ability to understand data, IT systems and cyber security risks (especially regarding Vulnerability management / Security Ratings)
• Offensive security: proficiency in hacking techniques / audit methodologies                                                       
• Proficiency in Microsoft office (specialy Excel),  PowerBI and SQL                                                    
• Knowledge on Qualys and / or bitsight is an added value                           

Languages

• English ➔ Mastery
• French is a plus

Soft Skills:

• Ability to collaborate / teamwork / Ability to establish and maintain networks                               
• Ability to lead a meeting, a committee                                  
• Adaptability skill                                   
• Ability to synthetize / simplify / analyze                                

Rigorous and detail-oriented