Description
Key Responsibilities
Supply‑Chain Risk Management
- Review and understand vendor services and define assessment scope using the BNP Paribas Vendor Questionnaire.
- Conduct security assessments or work with global team to ensure appropriately scoped assessments are performed; deliver findings in both English and Spanish.
- Evaluate final assessment reports, define appropriate risk levels taking into account the local control environment (Low/Moderate/Notable/High), and develop implementable corrective actions.
- Discuss findings with business lines, come to agreement on next steps, and formalize action plans in the system of record.
- Perform periodic outreach to service providers verifying mitigation steps for current threats and open action plans.
Transformation & Projects
- Understand business priorities, key initiatives, planned programs and aspirations; collaborate closely with cybersecurity leadership to ensure programs are aligned and communicated.
- Lead initiatives and deliverables within information security domain environments.
- Lead end‑to‑end delivery (design, development, testing, implementation, operation and maintenance) of new and existing Third‑Party and Information Security projects.
- Assist in identifying opportunities for automation through data analysis.
Operational Efficiency
- Support and promote automation of repetitive and complex data management tasks to improve efficiency across information security functional areas.
- Extract, Transform, and Load (ETL) data with a firm understanding of how to shape datasets in a mixed environment.
- Design, maintain, and review KPI dashboards that monitor third‑party risk performance and drive continuous improvement.
Required Qualifications
| Category | Minimum Requirements |
| --- | --- |
| Experience | ≥ 6 years in information‑security or risk‑management roles, including ≥ 2 years delivering security projects. |
| Education | Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent work experience. |
| Technical Skills | Vendor risk assessment frameworks (NIST CSF, ISO 27001, SIG); proficiency with security questionnaires (SIG, CAIQ); scripting, basic competency in PowerShell, Python, or equivalent; ETL tools (SQL, Alteryx, Python‑pandas). |
| Languages | Fluent written & spoken English and Spanish mandatory (French not required for this role). |
| Certifications (desired) | CISSP, CISA, CRISC, or Certified Third‑Party Risk Professional (CTPRP). |
| Soft Skills | Strong written & verbal communication; ability to convey complex security concepts concisely in both languages; excellent stakeholder management; adaptability to shifting priorities; rigorous documentation habits. |