The mission of the IT Risk & Cyber Governance Officer is to ensure, for the IT activities within his/her entity, the realization of operational permanent control, including the measurement and management of all operational risks linked to Information and Communication Technologies (ICT), cyber security risks included, in accordance with the framework defined by the IT Governance of BNP Paribas, as well as the deployment and coverage of the IT Risk Management Group (ITRMG) framework.
The coverage is APAC and the scope is all Business Units in charge of IT activities.
As per BNP Paribas internal control charter, operating IT entities, and first and foremost their managers, are accountable for the risks they are exposed to given the businesses or services they run or deliver.
In this respect, and in full compliance with regulations applicable at group level and at entity level, and in line with the group’s norms and requirements, the IT risk manager should, for the IT entities under his/her oversight:
- Assist in identifying and assessing operational IT risks the entities are exposed to.
- Ensure the risk monitoring and mitigation framework is within the defined risk appetite
- Ensure the implementation and continuous adaptation of the risk framework
- Ensure proper awareness of the risk framework for all IT teams
- Provide consistent risk monitoring & registration tools
- Provide risk management information and reporting to eligible bodies
- The management and reporting (to eligible bodies) of ICT risks (with, where needed, associated risk acceptances, risk profiles, etc.) through both periodic RCSA realization and ad hoc risk assessment on his/her perimeter in accordance with the EBA ICT risk taxonomy.
- Maintaining the list of IT operational risks at APAC level to facilitate monitoring and reporting of risk
- Managing IT risk findings resulting from production incidents, application and infrastructure IT security risk assessments with APAC IT Business Units and APAC CIOs, CTO and CISO, and raised risks (e.g. ICC, APAC IT OPC Steering Committee, etc.)
- The organization of Function/Métier/Region IT risk committee at least twice a year;
- Provide support for various APAC IT Risk committees (APAC IT Risk/OPC, Technology Risk Committee, etc.) including logistic support, writing the minutes and following up identified actions
- Consolidating and preparing the APAC contributions for various Internal Control and Permanent Control committees
- The collection and analysis of IT historical incidents, the validation of Métier/Region IT incidents input into the dedicated Group system, based on CIB standardised criteria, the contribution to the definition and follow-up of associated action plans, in addition to regular reporting;
- Able to review an incident, understand the root cause and recommend controls to prevent similar incidents from occurring in future;
- The deployment and reporting (at minimum the major ones) of IT controls (OPC and operational, standard and/or specific) identified to mitigate the risks;
- Execute the controls and escalate the failures to the stakeholders adequately to address the remediation and track it efficiently;
- Review the controls submitted by other risk managers and perform C&C
- The preparation of the ICT Permanent control report based on provided templates, where required
- Understand and guide the team on controls. Work with global stakeholders meticulously and bring their attention to the area of concern.
- The overall follow-up and reporting (figures, alerts, etc.) of IT recommendations implementation in his/her scope (IG/Regulator/external/Permanent Control actions/Independent consultant) in order to meet the Group objectives;
- Anticipate and suggest how to bring down the risk
- CIB divisions: Business and Information Security
- Internal Audit / Inspection General
- APAC ORC, APAC OPCs
- APAC Anti-Fraud
- Global IT OPCs, Global ORC
- Local OPCs, Local ORC
- Regional CIOs, CTO and CISO
- External auditors & Regulators
Technical and Behavioral Competencies required
Essential Technical Knowledge/Skills:
- A solid background in operational risk management and control framework
- Knowledge of IT practices: project management, security, continuity and production
- Excellent analytical skills and reporting capabilities (KPIs, dashboards, metrics, assessment …)
- A practical understanding of a large bank’s organization and systems
- Familiar with process analysis and improvement, drafting of workflows and procedures
Qualifications and Experience:
- At least 3 years of experience in an IT Risk, Control and Audit environment. Prior experience in IT Security Risk management would be advantageous
- At least 15 years of experience in IT environment
- Recommended certification: CISA, CISSP
Other Value-Added Competencies:
- Attention to detail
- Ability to manage several initiatives/projects and keep these on-track simultaneously
- Ability to effectively manage your own time and the priorities
- Interpersonal skills, ability to consolidate action plans and report progress status
- Pragmatic, ‘Can do’ attitude & Proactive approach with a strong ability to work on own initiative
- Capable of adapting to a new environment and to work under pressure towards tight deadlines
- Excellent oral and written communication
- Good interpersonal skills
- Big picture awareness
About BNP PARIBAS
As the leading European Union bank, and one of the world’s largest financial institutions with an uninterrupted presence in the region since 1860, BNP Paribas offers a wide range of financial services for corporate, institutional and private investors spanning corporate and institutional banking, wealth management, asset management and insurance.
We passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, and we encourage applicants of all backgrounds, including diversity of origin, age, gender, sexual orientation, gender identity and religion, as well as applicants who may be living with a disability. We have a number of internal employee networks in place to empower our staff to act and challenge the status quo.
• BNP Paribas PRIDE is highly active in favour of the LGBTQIA+ community
• BNP Paribas MixCity which fosters better representation of women at all levels of the organization
• Ability, the mutual aid network for employees with a disability or a disabling or chronic illness
• BNP Paribas CulturAll which celebrates diverse backgrounds
BNP is committed to financing a carbon-neutral economy by 2050. The Group is a founding member of the Net-Zero Banking Alliance and has set up its own Low Carbon Transition Group to support its clients through their energy transitions.
BNPP has won the Top Employer Europe award for the 10th consecutive year.