Information Systems Security and Business Continuity Officer M/F
At 31 December 2023, the Dexia Group will have around 500 members of staff. In addition to Brussels and Paris, the Group has a limited international presence in Ireland, Italy and the United States.
The Dexia Group is in orderly resolution as a bank until 31 December 2023. In July 2023, the Group applied for the withdrawal of the banking and investment services authorisations of Dexia (formerly Dexia Crédit Local), which was approved by the European Central Bank in December 2023, with an implementation date of 1 January 2024.
Since 1 January 2024, Dexia (formerly Dexia Crédit Local) has therefore continued its orderly resolution as a non-bank. Dexia offers great diversity and a real transversality of business lines and missions which enrich the professional experience of its members of staff.
Joining Dexia is a promise to evolve in a dynamic environment and to stimulate your career by developing new skills!
The Information Systems Security and Business Continuity Officer plays a
key role in the system to prevent and manage operational risks.
They are the Group authority with respect to information system security.
They are the central point of contact for all questions regarding
cybersecurity.
They are the privileged interlocutor for all aspects related to business
continuity and information systems security.
As a result, they define the information systems security rules in a
balanced and pragmatic way.
They indicate the actions to be undertaken and the security controls that
must be carried out on a recurring basis.
They provide proactive expertise on matters of cybersecurity.
They ensure the existence of a resilient organisation to secure
infrastructure and applications. They prioritise the measures required to
strengthen security and reduce network obsolescence.
They coordinate cybersecurity incident resolution and maintain an active
watch on all areas related to cybersecurity.
Lastly, they ensure the smooth operation of the Group business continuity
and crisis management system.
The position holder will be responsible for the following tasks :
Definition of standards (policies and procedures) with regard to
information system security and business continuity to ensure the
overall governance of ISS (IS Security) / BCP (Business Continuity
Plan) operational risks.
Assessment of ISS / BCP risks (mapping); monitoring of ISS / BCP risks
via Key Risk Indicators (KRI), in particular, for the Risk Appetite
Framework (RAF); coordination and monitoring of ISS / BCP risk
remediation actions. Analysis and management of security incidents;
methodology watch.
Management of authorisations and logical access via the Identity
Access Management (IAM) tool; monitoring of access control.
Awareness raising among employees of information system risks to
prevent the risk of fraud (awareness raising campaigns, internal
communication initiatives to highlight rules of use).
Definition of crisis scenarios and development of business continuity
plans (PCA / BCP) for all Dexia HO activities; assistance to
operational departments for the definition of their needs in terms of
continuity (RTO / RPO, remote access, criticality, etc.); management of
critical and important service providers; management of operational
management procedures for the BCP (PCA).
Preparation and leadership of the internal information system
security and business continuity committee with the representatives
of the operations departments (dashboard, monitoring of recurring
actions, monitoring of current projects impacting IS and business
continuity). Participation in information systems security management
committees with the principal service providers.
Participation in the strategic transformation projects of the bank
for IS Security and Business Continuity; interactions with the
operational departments, the audit, compliance and permanent control
departments, the banking supervisor
We are looking for candidates who have graduated from a post-secondary
Information Systems Engineering programme with at least 10 years'
experience in Information Systems Security as well as management
experience.
Candidates are expected to master NIST standards and cybersecurity tools.
French and English are the languages used on a daily basis.
Fluency in office automation tools is required (Word, Excel, PowerPoint).
Candidates are expected to be intellectually meticulous, have analytical
and summarising skills, excellent organisational, relationship and
communication skills.