BNP Paribas has been present in Portugal since 1985, having been one of the first foreign banks to operate in the country. Today, BNP Paribas has several entities operating directly in this territory, offering a wide range of integrated financial solutions to support its clients and their businesses.
Worldwide, the Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors.
The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realise their projects through solutions spanning financing, investment, savings and protection insurance.
The Information and Communications Technology (ICT) Risk department covers areas such as Availability & Continuity, Security, Change, Data Integrity and the Outsourcing Risks that are associated with the use of Information and Communication Technologies in our business, and is part of the Group Risk Functions within BNP Paribas.
It is part of the 2nd line of defence under the Bank’s Chief Cyber & Technology Risk Officer. The department's mission is to:
Collaborate with the CRO (Chief Risk Officers) community across the Global operation to manage the ICT Risk exposure of their entity within the Group's stated Risk Appetite.
Develop and maintain a holistic, forward-looking view of ICT Risk throughout the Group.
Raise the ICT Risk IQ within the community via enablement, engagement and effective governance.
Ensure relentless preparation for negative events by continuously stress testing detection and response capabilities and improving recovery measures.
Partner with the first and third lines of
Advise the Business on an effective and risk-aware approach to Accelerated Digital Transformation.
The successful candidate will have a proven track record of developing, implementing and monitoring Technology and Information risk management programs in the entity.
The individual will communicate Risk ICT management policies, guidelines and standards across the organization, ensuring security and technology risks are identified and managed effectively.
Provides advisory and ongoing support to IT and business line leaders regarding information technology and security best practices and trends.
Rely on Independent Risk assessment to validate effectiveness of controls and identify areas of focus.
Solid understanding of the Information Security threat environment, access controls and information technology control environments is also required.
ROLE AND RESPONSIBILITIES
Assisting ORC entities in:
Contributing to the definition and prioritization of controls and mitigation actions.
Supporting the elaboration of ICT Risk materials as part of Risk and IT strategic committees.
Project plan and action plans related to the framework deployment.
Project plan and reviewed results for risk assessment exercises.
Plans and reviewed reports for technical independent testing.
Incident analysis and post-incident analysis and review.
Major ICT Risks Heatmap per entity and consolidated view at cluster level.
Reviewed mitigation action plans.
ICT Risk synthesis and reporting within key strategic committees.
Committee’s charter, materials and minutes related to ICT Risk community animation.
Minimum of 7 years of cumulative experience in cyber security or IT risk management domains,
Minimum of 10 years of professional experience (a plus)
Robust knowledge of technology, architectures and related tools
ICT risk skills: IT, Cyber security standards and technologies, Risk Management components (risk identification, assessment, monitoring, mitigation)
GRC tools and other risk management information systems
Cyber security or IT Risk certifications are a plus and strongly appreciated (e.g. CISSP, CISM, CRISC, etc.)
Good knowledge of at least one of the Banking Business Lines is a plus
Good stakeholder management skills.
Good listening and analytical skills, being able to come to a thoughtful and business-focused conclusion quickly.
Ability to manage the workload so as to meet the realistic targets and priorities set in conjunction with management.
Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate.
RISKS
Education Level: Master Degree or equivalent (> 4 years)
Experience Level: Not Indicated
Behavioural Competencies
Transversal Competencies