About the job
- The below requirement is for ORO – IT Controls Testing role which part of the Group RISK ORM Network team. The candidate will be part of BNP Paribas 2nd line of defence function, and will be responsible for testing the deployment and effectiveness of the IT and Cyber controls globally
- The candidate reports directly to the Global Iberian Centre of Excellence and functionally to Group Head of ICT Controls Testing
Your Main Activities Are
- Perform the independent testing of ICT controls (IT controls testing) to determine the design effectiveness, and operating effectiveness of IT and Cyber controls
- Contribute to the industrialization and automation of RISK ORM ICT control testing services by development of methodologies / tools for the achievement of assignments
- Draft high quality reports containing the assessor’s opinion on the ICT control gaps, and recommendations for improvement, post completion of an assignment
- Review and assist with the evaluation of control deficiencies and provide practical recommendations for remediation
- Identify areas of improvement for ICT control testing, and assist with the enhancement of the methodologies / tools for carrying out the ICT controls testing assignments
- Ensure completion of the testing and adherence to the internal timelines
- Provide IT and cyber risk management consultancy (specific to ICT controls) to business and IT stakeholders
- Work in collaboration with other stakeholders from IT, business and RISK ORM teams to contribute towards influencing the ICT risk culture of The Bank
- Improve the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities
Profile and Skills to Success
- 3 years of experience in IT audit / IT control testing / technical assessments, preferably in the areas of Cyber and Technology domains in a financial institution
- Proficiency in French and English is essential
- Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment
- Must be able to interface and coordinate work efficiently with stakeholders and business partners
- Excellent analytical skills – being able to come to a thoughtful and business focused conclusion quickly
- Good communication, listening and influencing skills, including ability to articulate complex issues and incorporate feedback
- Ability to manage their workload independently to meet their targets, and priorities set in conjunction with management
- Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate
- Adapting personal approach to suit situations, individuals, groups and cultures
- Being rigorous and thorough – especially when logging and tracking issues through to conclusion
- Team player – focus on the success of the whole team
- Working well both with others, as well as individually
- Ability to work under strict timelines and at pressure situations to manage the delivery
- Open to work under global time zones as required for workshops or stakeholder discussions
- Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements
- Is self-aware, anticipates problems, adapts and meets them head on
- Strong stakeholder management, relationship building, influencing, facilitating and presenting skills
- Is solutions focused – measures their output on whether issues, problems or challenges are resolved as criteria for success
- University degree (technical), and/or certification such as ISO27001, CISA
- Professional qualifications/trainings relevant to technology and/or cyber risk (e.g. change management, outsourcing, vulnerability management, cloud security among others)
- Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure
About the Team
- The Risk ORM, Operational Risk Officer IT is part of the Group Risk Functions within BNP Paribas. It is a part of the second line of defence and the department has responsibility for identification of key operational and technological related risks to the Bank and influencing business and technology partners to take sound risk management decisions
- The Group Risk ORM Networks Control Testing activities are carried out using risk based approach and may be conducted periodically, at Group or Entity levels across the world, with continuous review and assessment as required. The frequency for testing may increase for certain topics, where environments are subject to continued change due to mergers and acquisitions or improvements in IT and Business processes
- The IT Controls Testing activities aims to validate whether the risk mitigation framework operates as expected by verifying standards, policies and practices, contributing to the residual risk determination process by validating the implementation of the required controls
Why joining BNP Paribas?
· Leading banking institution
BNP Paribas is a leader in the Eurozone, and a prominent international banking institution with strong roots in Europe's banking history. It has a presence in 65 countries, with around 190 000 Employees – including more than 145 000 in Europe.
· Our presence in Portugal
Since 1985, BNP Paribas was one of the first foreign banks to operate in the country. Today, the Group has around 7.100 employees across several entities operating directly in the territory, offering a wide range of integrated financial solutions to support its clients and their businesses.
· International reach
Thanks to its international presence and regular and close collaboration among its different entities, BNP Paribas has the resources to support all clients with financing, investment, savings and protection solutions that help make their projects a success. BNP Paribas holds key positions in its three core operating divisions:
- Retail Banking, a division that brings together all of the Group’s retail activities and specialised business lines;
- Investment & Protection Services that include specialised businesses offering a wide range of savings, investment and protection services;
- Corporate & Institutional Banking division that offers tailored financial solutions for corporate and institutional clients.
· Diversity and Inclusion commitment
BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.
· Commitment towards work/life balance
At BNP Paribas we care about our employees wellbeing and promote a culture of good integration between work and rest. We believe our employees have rich personal lives outside of work, being fundamental to be disconnected from work to recharge both physically and mentally. Only through this balance we may all be at our best while working.
· Remote Working Conditions
At BNP Paribas, we embrace a Smart Working framework based on trust, autonomy and collaboration. Within this framework, eligible employees can benefit from flexible remote working modalities adapted to our hybrid working environment. To guarantee a comfortable and efficient working set-up, eligible employees are provided with both the office and home equipment, are entitled to an equipment allowance and can benefit from exclusive partnerships to purchase additional equipment at reduced prices.
To find out more on why you should join BNP Paribas visit https://bnpp.lk/why-BNP-Paribas-Portugal
* Please note that only applications submitted in English will be considered.
* In case you are selected for this role, further documentation will be requested to support your hiring process.