BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 73 countries, with more than 196,000 employees, including around 149,000 in Europe. The Group has key positions in its three main activities: Domestic Markets, International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors.
BNP Paribas Corporate and Institutional Banking is a globally recognised leader offering capital markets, securities services, financing, treasury and advisory solutions.
Business Area / Department Overview
In charge of periodic control (third line of defense), Inspection Generale carries out the function of internal audit and contributes to the protection of the activity and reputation of the BNP Paribas Group.
Inspection Generale provides an objective assurance of Risk Control to BNPP Group operations globally and is headed by the Inspecteur General who reports directly to the Group CEO.
Within Inspection Generale (IG), you will operate as a member of the Hub UK, which is a geographical Audit Hub, covering all activities in the UK.
The Hub has several distinct audit teams (around 70 auditors), all based in the UK. These teams are split by business activity covering all activities within their area of responsibility. Each team is headed by a direct report to the Head of Hub, who supervises the audit for the activities he/she is responsible for. The Head of Hub reports to a Deputy Head of IG Head Office.
The Hub’s remit is to provide audit services to the Businesses, Operations and Functions in the UK in close liaison with Senior Management and Head Office entities. Strong coordination with other Hubs is also expected. The main focus is to help the organisation accomplish its objectives by bringing a systematic approach to evaluating and improving the effectiveness of the Governance, Risk management, and internal Control (GRC) processes.
Assignments can also be transversal and/or thematic, covering a specific activity or topic across several product or business lines.
The Audit Hub provides employees with an excellent grounding in all aspects of the business, and regular interaction with Management enables strong relationships to be built, allowing a robust understanding of all aspects of the businesses.
Inspection Generale is recognised internally as a key talent pool within the BNP Paribas Group.
Having performed successfully in this role, the individual will have the benefit of a broad range of career opportunities within the BNP Paribas Group - both within Internal Audit and wider business lines/functions; in the UK and abroad. A comprehensive training programme is in place to ensure continued professional development.
Purpose & Scope of Role
The overall purpose of this position is to perform IT and Cyber Security Audit work in accordance with IG standards and methodology in order to strengthen the bank’s IT and Cyber Security control environment.
Key Responsibilities of Role
- Participate in the audit team assignments and special reviews (when required by regulators, business lines, or senior management)
- Contribute to the planning and preparation of the assignment e.g. understanding the methodology, acquiring a deep knowledge of the activities to be covered, understanding the detailed technologies, gathering relevant key figures, etc.
- Develop a thorough understanding of the activities within the scope of the assignment, its strategy and governance, and the related risks.
- Evaluate the overall setup and identify the main areas of risk (including a comprehensive assessment of the management actions).
- Execute detailed investigations, drawing on strong technical knowledge of various IT systems (databases, Linux/Windows operating systems, cybersecurity/network security, virtualization, containerization, cloud computing and related risks).
- Use appropriate programming and scripting languages to perform efficient investigations by automating analysis.
- Demonstrate strong understanding of the standard IT and cybersecurity risks, controls and technologies in order to effectively evaluate them and identify potential risks.
- Follow audit professional standards and regulatory requirements in the performance of the day-to-day function of internal auditor.
- Prepare “easy to follow” work papers with particular focus on traceability and analysis to support findings.
- Articulate the aggregated findings in a simple manner and recommend appropriate actions to the management in order to remediate the identified weaknesses and their root cause(s).
- Formalize the results of the assignment investigations and contribute to the production of the assignment deliverables.
- Validate the factual accuracy and present the conclusions of the assignment fieldwork to the senior management.
Review the implementation of the Inspection Générale recommendations
- Review and challenge the actions defined to remediate the weaknesses identified by the audit team through its assignments.
- Ensure that the answers are adequate to permanently address the gaps and accurately follow the recommended actions.
- Perform relevant control testing to ensure the proper implementation of the actions.
- Contribute to the improvement of the Inspection Générale practices through sharing industry and organizational best practices, and influencing constructive ideas towards enhancement of our audit methodologies.
Travelling requirement: below 30%
Experience, Qualifications & Competencies
Technical and Behavioral Competencies required
- At a minimum, strong fundamental knowledge of “Cyber Hygiene Controls” and technologies supporting these.
- Cyber Hygiene Controls such as:
  - Asset / Inventory Controls
  - Vulnerability Management
  - Privileged Access Controls
  - Configuration Management
  - Security Monitoring / Logging / Alerting
- Strong technical background in IT Infrastructure and key IT processes (including IT production / IT systems expertise)
- Be familiar and comfortable with AGILE methodology for the delivery of audits.
- Outstanding analytical skills
- Quick Learner
- Ability to synthesize and articulate the core issues in a simple manner.
- Excellent writing and presentation skills (in English)
- High level of initiative, commitment, and drive
- Ability to work effectively under pressure and within challenging deadlines
- Promotes a constructive, cooperative, and participative teamwork environment
- Possess a Bachelor’s / Master’s Degree in Information Technology / Management Information Systems / Computer Science or a related discipline.
- Not less than 3 years of experience in external auditing / internal auditing / IT / risk / compliance / internal control / operations in the financial services industry.
- Professional Qualification/Certificate in Audit, e.g. CISA, CISSP, CISM, CCSP.
- Creativity & Innovation / Problem Solving
- Ability to collaborate / Teamwork
- Ability to synthesise / simplify
- Ability to understand, explain and support change
- Ability to anticipate business / strategic evolution
- Ability to inspire others & generate people’s commitment
- Ability to develop and leverage networks
Education Level: Bachelor Degree or equivalent
Experience Level: At least 3 years
Other/Specific Qualifications (any of these skills is highly appreciated)
- Information Technology – Systems
  - Operating Systems: Linux/UNIX, Windows
  - Database Management Systems: Oracle, SQL Server, NoSQL, MariaDB, MongoDB
  - Data Analytics: Elastic Stack, Kafka, Tableau, Power BI, R, Python (pandas, Matplotlib, scikit-learn)
  - Cloud Technology: AWS, Azure; Containers: Kubernetes, Docker
  - Identity Access Management: SailPoint, CyberArk, Oracle Identity Management; Single Sign-On: Web SSO
  - Network Security: Strong network knowledge (routing, firewalls), proxies (web, reverse proxy)
- System security
  - Security configuration, patching, vulnerability scanning (Nexpose, Nessus), Active Directory, LDAP
  - Application security: OWASP, WAF, scanning (Qualys, Rapid7, Tripwire, Fortify)
  - Penetration Testing / Forensics Tools: Kali Linux (Burp Suite, nmap, ZAP, DirBuster, Metasploit, …)