Aderen People

Job details

IT Risk Analyst


Job Opening ID 1827
Project length in months Long term
Languages Spanish, French, English
Knowledge area
Skills Security
Rate - Eur Not defined
Job Description

SEEKING:  IT Risk Analyst

IT risk profile, providing reports to the Entity’s ITRO supporting in the identification, establishment and management


 The key responsibilities are:

Identifying potential IT & Cyber risks inherent in the SET activity

● A periodic review of the various IT & Cyber risk issues (periodic assessments, panoramas, etc.)

● Analysing or reporting on operational risks (RCSA, historic incidents, Control Plans, etc.)


Analyzing IT & Cyber risks (root cause, business impact etc.)

● Identifying the principal causes of IT & Cyber risks and potentially adverse events from an IT & Cyber risk perspective

● Evaluating IT & Cyber risks by considering their likelihood of occurrence and the IT and business impacts

● Identifying and taking account of mitigation measures put in place in respect of IT & Cyber risks (control plans, programmes for monitoring the IT & Cyber risk management system, etc.). Definition of action plans with the affected areas to properly mitigate the risks

● Managing the risk management process of the new activities to be performed in the organization, ensuring all subject matter experts are involved and the governance procedure is applied (facilitating New Activity Approval Committees).


IT risk management

● Support the IT Risk Manager to ensure risks are properly identified, documented, assessed, monitored, controlled, and reported in a timely manner.

● Follow up on open risks and remediation action plans and properly document them in the Group tool.

● Ensure and monitor the roll-out of remediation plans across the different areas in the organization.

● Provide advisory related to internal controls, risk assessments, risk management, IT controls, and corrective action plans.

● Manage interactions and approvals of derogations with the second line of defense.

● Manage the approval process for the identified risks and monitor and report the status.

● Contribute to IT Risk awareness actions


Reporting on the management of IT & Cyber risks to the ITRO and OPC

● Reporting alerts and suggesting corrective measures. Recommend controls and actions by identifying problems and improvement areas.

● Collect IT Risk indicators and prepare reports for the entity and for the group.

● Providing a consolidated view of IT & Cyber risks

● Support in the preparation of internal control committee.


Contributing to the various exercises and reviews on controlling and assessing IT & Cyber risks

● Providing support and the requested inputs to exercises and audits (RCSA, Risk Register, etc.)

● Periodically review and update the IT risk mapping (process-risks-controls-procedures) of the organization according to new activities or changes to existing ones.

● Continuously monitor IT Controls and report them in the group tool, collecting the necessary evidence according to the BNPP-PF Group Regulations.

● Periodically review and update the IT risk register.

● Identify historical incidents and register them in the group tool, ensuring all required information and approvals are provided in a timely manner according to the Group procedures.


Third parties risk management

● Ensure execution of third-party risk management activities, processing the results of the due diligence performed on the providers and assessing the risk of every IT arrangement.

● Monitor the execution of the action plans by the providers


Shadow & Light IT

● Execute periodic Shadow IT Campaigns with the different teams to identify potential risk situations and ensure group methodology is applied.


Managing the roll-out of IT risk management practices and procedures at SSC SET

● Implementing the Group’s methods and priorities in the area of IT risk

● Develop and maintain local IT risk policies and procedures based on the Group requirements and guidelines.

● Spread the IT risk group procedures across the organization (documentation, training sessions, etc.)


Must have:

● 1 year of experience in IT Risk



● Demonstrated ability to perform process analysis and experience in documenting controls.

● Experience in leading/delivering risk assessments and scenario analysis.

● IT Risk and Cybersecurity

● Risk Knowledge & Awareness

● Risk analysis

● Risk Anticipation

● Risk Monitoring

● Risk Opinion



● Communication Skills - Oral & Written

● Ability to Synthesise / Simplify

● Good stakeholder and relationship management skills.

● Proactive



● Analytical Ability

● Ability to manage / facilitate a meeting, seminar, committee, training…

● Ability to set up relevant performance indicators

● Ability to anticipate business / strategic evolution



● High level of English


Nice to have:

● Experience of driving solutions and mitigation of issues in a highly complex and global organization.

● Audit experience

● French



● Permanent Contract

● Salary: 38K/50K (according to experience provided)

● Location: Madrid. Hybrid work (50% teleworking, 50% in person: 1 month teleworking, 1 month in person)
