Tower Lead - NESSUS, Compliance Remediation

Job Summary

Owns the reporting architecture, evidence integrity and regulatory alignment of the service. Ensures every closed finding produces audit-grade evidence and that monthly, quarterly and on-demand packs are accurate, timely and consistent.

Key Responsibilities

• Own the dashboard suite — operational, risk, capacity, regulatory, steering, major incident.
• Ensure DORA, ACPR, ECB and EBA evidence expectations are met by the underlying data and the generated packs.
• Maintain the exception register schema, including expiry, compensating control, and re-review tracking.
• Lead the major-incident report process: timeline, actions, residual risk, lessons learned.
• Coordinate with SG audit and risk functions for internal and external audit cycles.
• Curate the continuous-improvement backlog: defects, gaps, automation candidates.

Skill Requirements

• Strong understanding of DORA ICT risk management requirements and ECB cyber resilience expectations.
• Hands-on experience building and operating GRC / risk-reporting dashboards.
• Familiarity with audit evidence requirements for vulnerability management.
• Data-literate: comfortable with SQL, BI tooling (Power BI / Tableau / Qlik) and JSON data feeds.

Other Requirements

• Background in audit, internal control or risk advisory in a regulated environment.
• Knowledge of French regulatory landscape — ACPR, CNIL, ANSSI guidance.