BNP Paribas

ROLE AND RESPONSIBILITIES

Integrated in the Global Iberian Centre of Excellence, the candidate will be responsible for supporting RISK ORM management in the development and implementation of the ICT risk management framework.

As ICT Operational Risk Officer, the candidate will be responsible to contribute to the following topics:

Framework: to assist in the review, analysis and challenge of the ICT risk management framework, and particularly the norms & standards, consistent with RISK ORM guidelines, and validate any exemption to these norms & standards, namely in the ICT Risk and Control plans definition.

Risk Identification & Assessment: to challenge and verify the first line of defence (1LoD) risk identification, ensure the consistency of potential incidents quantification, conduct independent ICT risk assessments (incident review, post mortem analysis), and validate closure of permanent control actions (controls implemented by 1LoD).

Risk Decision & Treatment: to assist in the supervision of the risk treatment process (risk acceptance, risk transfer, risk remediation) performed by the BNP Paribas Entities and their Departments and/or to produce opinions on the ICT risk exposure with RISK ORM and 1LoD Management. To oversee the definition of the risk mitigation action plans and the implementation of the correlated recommendations.

Control testing: to conduct independent testing and challenge 1LoD (IT and operations) controls and oversee/perform 2LOD tests/vulnerability scans when required.

Risk management planning: to assist in the identification of the main ICT risks priorities, clarify/ define the approach to perform the work aligned with BNP Paribas framework, manage relationships with stakeholders, and ensure the completion of deliverables as agreed.

Risk Reporting, Monitoring & Alert: to support BNP Paribas Management and the RISK stakeholders on incidents and crisis management (e.g. security events, data leakage); to alert on critical points for attention to be raised to RISK Management.

Awareness / Training / Animation: to assist in promoting and driving awareness on ICT risks; to assist in organising risk meetings, forums and committees with community members.

SKILLS & EXPERIENCE REQUIRED

The successful candidate will need to have previous experience in implementing risk management programs and/or working in an internal/external ICT assessment function within a reputed consultancy/global organisation, with robust knowledge of technology, risks, architectures and related tools. Prior ICT risk experience (IT, Cyber, Vendor management etc.), exposure to the Financial Services industry, experience with GRC tools and other risk management information systems is preferred.

Negotiation, conflict management and presentation skills are necessary. The individual will assist in the preparation/contribution to the development of BNP Paribas RISK ORM ICT independent testing controls and conduct Risk and Control Self-Assessment independent re-testing and validation on 1LoD set up and performed controls. Experience interacting with regulatory agencies is a plus.

SPECIFIC REQUIREMENTS

• X years of experience specifically in technology risk assessments
• Bachelor’s degree in information technology, Information Security, Business or Risk Management (or equivalent professional qualification)
• Team player – focus on the success of the whole team. Working well both with others, as well as individually
• Excellent stakeholder management skills
• Experience in a Technology Risk, Information Security or an ICT Assessment and audit role
• Good listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly
• Motivated to pro-actively collaborate, challenge and contribute to promote a highly qualified team of experts in several domains and with relevant previous experience in BNP Paribas, Finance Sector, or Consulting firms
• Flexibility to travel and to work in a global context
• Ability to co-operate and work well with others adopting an approachable style – Important as we work closely with a large and diverse set of stakeholders, cultures, and contexts
• Ability to see the stakeholder perspective, i.e. from a business and operational point of view, the most secure solution is not always workable or realistic considering costs and benefits
• Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate, and collaborate with many departments
• Adapting personal approach to suit situations, individuals, groups and cultures. Being flexible in relation to getting the job done
• Taking accountability for their actions and be open and honest when things have gone wrong, and celebrating successes when things have gone well
• Being rigorous and thorough, especially when logging and tracking issues through conclusion
• Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management
• Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business
• Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate
• Ability to re-think, promote continuous improvement, presenting and implementing new solutions and approaches

COMPETENCIES

• Good knowledge of ICT risks, IT Control, Information Security, Business Continuity, IT operations and IT Audit and assessment methodologies and concepts
• Experience working with ICT risks, business continuity, IT Management and operations, IT risk and IT audit teams
• Ability to articulate risk management concepts in business language
• Excellent written and verbal communication skills
• Proficient with Microsoft Office Suite
• Prior experience documenting tool requirements to support risk management
• Proven ability to manage issues through to resolution; skilled at making judgement calls
• Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times
• Industry certifications (e.g. CISA, CRISK, COBIT) or willingness to obtain the same
• Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework
• Multilingual capability (English is essential, French is preferred, other language is a plus)

CONDUCT

• Be a role model, supporting and fostering a culture of good conduct
• Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
• Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure

BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.