Vendor Risk Officer

Company Description

Natixis in Portugal is part of the Global Financial Services division, where it applies technology for the development of financial expertise in its two global business lines – Corporate & Investment Banking and Asset & Wealth Management – and, transversally, for the entities of Groupe BPCE.

The Centre of Expertise, based in Porto, currently has more than 2,400 employees from over 30 nationalities, organised in three main departments: Information Technology, Banking Support Activities and Compliance. These teams work in an integrated, inclusive and transversal way, supporting and creating value for all the business lines and platforms of the group. The project in Porto is one of the biggest investments in Human Resources ever made by Groupe BPCE worldwide.

A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.

In 2024, Top Employers Institute has awarded Natixis in Portugal the Top Employer Portugal accreditation for the second time. This certification recognizes excellence in people practices, following the example of our head office, in France, who was certified Top Employer France for the eight year in a row.

Job Description

Team presentation and main goal:

The CIO Office is a transversal department, working for the IT of the group. This aim of this area is foster a

consolidated view of IT, that is split in various business units, enabling enhanced management and

communication for the scope.

The CIO Office operates in close connection with the support functions, to promote more efficient channels

of communication for management control.

The main areas of scope of the CIO Office are: Project based management, associated with resources,

activities and planning control. In addition, it includes control activities associated with KPI implementation

and monitoring, financial and Budget control. As well, the CIO Office aims to harmonize the practices and

rules, to facilitate a cross-cutting understanding of the challenges and the need.

Main tasks and goals:

As a Vendor Risk Officer, you will be instrumental in driving the organization's vendor risk management initiatives. Your expertise will help us maintain effective oversight of our supplier relationships and ensure that we mitigate potential risks. Your key responsibilities will include:

• Supplier Risk Management: Oversee the global supplier risk framework, ensuring compliance with organizational policies and industry regulations. Your proactive approach will help identify and manage potential risks linked to our vendors.
• Committee Engagement: Facilitate the Natixis Vendor Risk Management (VRM) Committee and collaborate closely with local procurement teams to promote best practices in vendor risk management. 
• Contractual Support: Assist in the contractualization process, ensuring that all vendor agreements include appropriate risk mitigation measures and comply with our established policies.
• Vendor Risk Monitoring: Continuously monitor and evaluate risks associated with vendors, ensuring timely identification, reporting, and management of any potential threats to the organization.
• Incident Follow-Up: Track and manage vendor incidents, ensuring that appropriate corrective actions are taken swiftly while maintaining thorough documentation of all vendor-related issues.
• LOD1 Controls Management: Take charge of managing Line of Defense 1 (LOD1) controls, ensuring that they are executed effectively and efficiently by coordinating the definition of LOD1.2 controls (nature of the control, actors involved, tools) along with the writing of relevant policies and procedures.
• Risk Assessment Execution: Execute LOD1.2 controls on risk assessments, ensuring quality in qualification, the validation process, and periodic updates coming from BPCE Achats & Services Shared Services Center or managed locally by international platforms.
• Regulatory Compliance: Handle regulatory notifications (including those from the ECB) and ensure compliance with DORA and EBA requirements, maintaining the correctness of all fields in relevant registers.
• Data Quality Assurance: Play a critical role in the Grasp tool migration project, ensuring data integrity and quality in the target repository, collaborating closely with the IT team in Porto and Natixis stakeholders.
• Activity Reporting: Ensure the follow-up of risk assessments coordinated by BPCE Achats & Services Shared Service Center, providing thorough reporting and activity updates to stakeholders.
• Project Participation: Actively engage in team projects and other significant initiatives relevant to vendor risk management, contributing for the overall success of the VRM function.

Your ability to communicate effectively and collaborate with various stakeholders—including procurement, compliance, and legal teams—will be essential to your success in this role. As well, you’ll need to have a keen eye for detail, a strong understanding of vendor risk management principles. This role will entail significant contact with our headquarters in France, so your ability to communicate and speak the language will be a major plus.

Qualifications

• Degree in relevant area
• +2 years’ experience in customer support, management control, and/or project management.
• At least a B2 level of English and a B2 Level of French (mandatory)
• +1 year Purchase to Pay knowledge
• +1year Suppliers / KYS knowledge
• +1 year Contract management
• +1 year Risk analysis
• Knowledge of Priscop; Grasp ; Ivalua Harmoni will be a plus.

We will only consider English Cv's.

Additional Information

At Natixis, we are committed to fostering a working environment where each and every one of our people is treated with dignity and respect and where every voice is heard. Our differences make us collectively stronger and are a source of fulfilment, innovation and performance.

In the framework of its Diversity, Equity & Inclusion policy, Natixis in Portugal has implemented a Blind CV Screening process, with the purpose of reducing hiring bias. A blind CV excludes any personal details which refer to the applicant’s gender, age or ethnicity. When applying for our positions, please submit a blind CV, that is, with no picture, name, gender, age, nationality, ethnicity and address. Your personal statement, work experience, courses and certifications, education, skills and contact information is what matters to us.

#MuchMoreThanJustAJob

Early morning. Campo 24 de Agosto. In 4 minutes, you are clocking in at the office. Start your day having breakfast with the Team and grab fresh fruit on the way to your seat, in one of Porto’s most typical neighborhoods. This Purple Day is going to be a busy one: daily meeting ensuring all team members are on the same page regarding work status, priorities and blockers, language class and, just after, a Talent Management meeting with your manager, discussing your career path. 

Lunch break. Today, your Team is onboarding newcomers, but also welcoming French colleagues: the perfect excuse to walk downtown and bond over a francesinha. When returning, inhale nature and peace of mind in Natixis Urban Garden (look at the crops; ready to harvest!). 

Back inside. Brainstorming session on a new, exciting project in our disruptive and immersive Manaus Village. The afternoon went flying (tasks, meetings, some jokes with your teammates). End it on a high note: celebrating cultural diversity with a Diwali, the Indian festival of lights. 

Tomorrow, you attend a conference led by influential speakers in your industry and, the day after, you will work from home, benefitting from some focus time to complete that report and soft skills course on LinkedIn Learning. Once you are done with your work for the day, strike the right note playing with Natixis band or be part of a board games session. If that is too steady for you, meet your colleagues to catch some waves or sail the Douro river during golden hour.