Mission Context
Our client is launching a program to comply with the Digital Operational Resilience Act (DORA) regulation. DORA introduces a five-pillar framework:
1. ICT Risk Management
2. Incident Reporting
3. Operational Resilience Testing
4. Third-Party Risk Management (TPRM)
5. Information Sharing
Function Description
We are seeking a Cybersecurity Consultant with expertise in DORA compliance to support Axepta BNP Paribas in aligning its operations with DORA and related regulations. This role involves assessing, advising, and implementing cybersecurity and operational resilience strategies. The consultant will work closely with the IT team and report directly to the Head of IT.
Key Responsibilities
● DORA Compliance Advisory: Provide expert guidance on aligning cybersecurity frameworks, IT risk management, and operational resilience strategies with DORA requirements.
● Gap Analysis & Risk Assessment: Conduct assessments to identify gaps in existing cybersecurity and ICT risk management practices.
● Policy & Framework Development: Assist in developing frameworks for ICT risk management, incident reporting, third-party risk management, and business continuity.
● Incident Response & Crisis Management: Support the establishment of incident reporting mechanisms aligned with DORA mandates.
● Testing & Simulation: Collaborate with third-party suppliers to ensure penetration testing, vulnerability assessments, and operational resilience testing in line with regulatory standards.
● Regulatory Reporting & Documentation: Prepare compliance reports and ensure thorough documentation for audits and regulatory scrutiny.
Required Experience / Knowledge
Technical Experience – Mandatory:
● At least 5 years of relevant experience.
● Proven hands-on experience in:
○ Cybersecurity
○ Vulnerability assessment
○ Monitoring tools
○ Logging tools
○ Access management tools
● Strong knowledge of:
○ Cloud security
○ Third-party risk management
○ Penetration testing methodologies
○ IT risk management or operational resilience within financial services
○ DORA, NIS2, GDPR, EBA/ECB ICT risk guidelines, ISO 27001/27005
● Experience in:
○ Cyber risk assessments
○ Business continuity planning (BCP)
○ Disaster recovery (DR)
○ Incident response
● Familiarity with cybersecurity frameworks such as:
○ NIST
○ CIS
○ ISO 27001
○ MITRE ATT&CK
● Ability to engage with regulators, auditors, and senior stakeholders to explain compliance strategies.
Technical Experience – Preferable:
● Knowledge and experience with Azure infrastructure tenant solution and setup.
● Experience with ServiceNow.
● Experience working with European financial regulators or internal audit teams on DORA-related projects.
Business Experience – Mandatory:
● Proven experience in developing and writing clear information security processes and work procedures, based on group-level policies.
● Experience collaborating with third-party suppliers.
● Strong communication skills, both oral and written, tailored to the audience.
● Good presentation skills for simplifying complex messages (PowerPoint, oral, etc.).
Education & Certification
● Degree in Cyber Security.
● Relevant certifications are a plus:
○ CISM
○ CISSP
○ CRISC
○ CISA
○ ISO 27001 Lead Implementer/Auditor
○ CEH
Soft Skills
● Team player
● Ability to work in a dynamic and multicultural environment
● Quick self-starter with a proactive attitude
● Strong analytical and synthesis skills
● Quality-minded and detail-oriented
● Goal-oriented, responsive under pressure, and deadline-driven
● Autonomous, committed, and perseverant