Management Consultant
BNP Paribas
10 days ago

BNP Paribas is a leading European bank with an international reach. It has a presence in 74 countries, with more than 192,000 employees including more than 146,000 in Europe and over 4,000 in Portugal alone.

BNP Paribas has been present in Portugal since 1985, having been the first foreign bank to operate in the country. Today, BNP Paribas has several entities operating directly in this territory, offering a wide range of integrated financial solutions to support its clients and their businesses.

Worldwide, the Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors.

The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance.

The Information and Communications Technology Risk department is part of the Group Risk Functions within BNP Paribas. It is a part of the 2nd line of defence under the Bank’s Chief Cyber & Technology Risk Officer.

Among others, the department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions.

This is achieved by delivering :

  • Application & Infrastructure Risk Assessments working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks;
  • tracking issues and agreed actions to completion

    Horizontal Risk Assessments : Assessing technology risks in relation to a particular theme or technology across the organization

    Vertical Risk Assessments : Assessing risks to a product, service, technology or infrastructure. For instance we may complete a vertical assessment on our remote working solution (including Infrastructure, applications, data, threats etc.) or our Internet connectivity

    Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions

    Recurrent analysis of maturity of controls on all entities of the Group

    Involved in running and improving the development and implementation of the worldwide ICT risk assessment program, the Management Consultant will have a proven track record of developing and implementing risk assessment programs in global organizations, with robust knowledge of technology, risks, architectures and related tools.

    Prior ICT risk experience (IT, Cyber, Vendors, etc.) is required.

    The Management Consultant will develop, use and communicate the risk assessment engagement models to ensure that ICT risk considerations are accounted for in all the bank’s operations.

    Moreover, the Management Consultant will be responsible for the Risk Management environment, namely :

    Identification and assessment of operational risks that must be effectively performed across the organization by correlating inputs from Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, Quantified Measurement & Comparative Analysis

    Participate in the implementation of a process to regularly monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines.

    Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices

    Improve the effectiveness of the Internal Controls program by reviewing the control environment; assess risks in processes, control activities, information and communication and monitoring activities; and assess operational risk response strategies

    Provide updates on regulatory and financial disclosure while complying with external and regulatory communications standards and disclosing the operational risk management framework of the bank in a manner that complies with the formal disclosure policy approved by the board of directors

    Participate in the establishment of the IT & Cyber Risk Assessment Program for the bank within the three lines of defense model in alignment with the Group Risk Management Framework

    Participate in the effective implementation and communication of Operational Risk Management policies and guidelines

    Provide support to other teams with respect to management of security and technology risks of core systems and applications

    Participate in the overseeing of the Operational Risk Management infrastructure and ensure practices are consistent with regulatory expectations and industry sound practices

    Provide IT & Cyber Risk Management consulting to the business, technical and operations groups

    Participate in appropriate Risk Management governance committees and arrange agendas as appropriate

    Participate in the GRM’s oversight model for the IT and Operations Transformation projects including the review of major outsourcing partners

    Master Degree in ICT domains (or equivalent)

    Minimum experience of 3 years in Security and Technology assessments

    Experience in Financial Services industry

    Experience in Information Security, namely in Risk Assessment, Third Party and technology assessments

    Experience in GRC tools and other Risk Management Information Systems is a plus

    Professional qualification relevant to Information Security (such as a university degree, CISSP, CISM or CRISC)

    Knowledge of Regulations in the Financial sector (i.e., Basel, ECB, AMF, FSA, FFIEC, SMA, HKMA, FED, among others)

    Excellent understanding of emerging technologies : CLOUD, IoTs

    Thorough understanding of the ISO27005 and overall the ISO 2700X series of standards and guidelines

    Knowledge of Archer Technologies SmartSuite Framework and Tufin

    Operations Management will be a plus

    Proactive and problem solver

    Solid communication and interpersonal skills

    Fluent in English

    Please note that only applications submitted in English will be considered.
