MISSION AND OBJECTIVES
The Information and Communications Technology (ICT) Risk department is part of the Group RISK ORC Functions within BNP Paribas. Under the Group Chief Cyber & Technology Risk Officer, among others, the department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions.
This is achieved by delivering:
- Application & Infrastructure Risk Assessments working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks. Tracking issues and agreed actions to completion.
- Horizontal Risk Assessments: Assessing technology risks in relation to a particular theme or technology across the organization. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.
- Vertical Risk Assessments: Assessing risks to a product, service, technology or infrastructure. For instance we may complete a vertical assessment on our remote working solution (including Infrastructure, applications, data, threats etc.) or our Internet connectivity.
- Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.
The GRC consultant will be integrated in the functions of the Group Data Management department which is responsible for:
- Driving the data management risk agenda through the development and oversight of the execution of data management frameworks across the Group.
- Business analysis for the configuration of Group tools where the RISK ORC ICT are identified as playing this role.
- Lead design and implementation of GRC processes for RISK ORC ICT, designing, deploying, maintaining and supporting ICT risk management tools.
- Develop and implement the second line of defence data management control plans.
- Data governance and support around the tools used by the RISK ORC ICT teams.
- Strategic management of the ICT technology landscape within RISK ORC ICT, including support and change management.
- Liaising with the Group Chief Data Office (CDO) and Group Data Protection Office (DPO) networks to monitor data management risk requirements and exposure.
- Perform independent reviews of data management risks and controls.
- Advise on data management aspects of Group large digital programs.
DESCRIPCION PUESTO (Tareas a realizar/Responsabilidades)
Detallar de una forma concisa que funciones va a realizar la persona
The Data Management Risk team plays an integral role in managing data management risks within the Bank within the Information and Communications Technology Risk department. Your day to day responsibilities as Data Management Risk, operational support personnel will include:
- Participate in GRC discussions for the implementation of additional modules in ServiceNow or advise on best approach to implement required changes from the end users.
- Contributing to tool development and sprint discussions and related testing and development of documents.
- Active administrative support for the RISK ORC ICT tools (Servicenow and PowerBI).
- ServiceNow ad-hoc tool configuration requests.
- Implementing data quality controls within the team and related analysis and reporting.
- Business analysis of tool implementation requirements.
FORMACIÓN REQUERIDA (conocimientos, Formación especializada)
TRAINING AND OCCUPATIONAL EXPERIENCE
• Bachelor’s degree from an accredited college/university or equivalent work experience in Computer Science, Information Technology, or a similar discipline.
• Strong understanding of IT Risk Control Frameworks to manage the ICT Risk (e.g. ISO27001, NIST, PCI, GDPR…).
• At least 2 years of experience configuring and providing administrative support for tools particularly Service Now.
• Hands-on experience in analytics and reporting tools (e.g. PowerBi, Tableau, QlikView…);
• Demonstrated ability to communicate effectively and to present in a structured approach.
• Mastery of MS Office skills.
• Good knowledge of ICT subjects.
• Demonstrated ability to communicate effectively with stakeholders and technical staff.
• Excellent written and verbal communication.
High level of English
PERFIL PERSONAL/ COMPETENCIAS
Actitudes necesarias para el desarrollo del puesto
SKILLS AND BEHAVIOURS
• Basic understanding of risk management.
• Business analysis skills - ability to understand requirements and delivering these requirements in the context of tool implementation.
• Good stakeholder management skills.
• Ability to independently trouble shoot issues raised by end users and provide timely and efficient administrative solutions.
• Ability to communicate effectively with both internal and external stakeholders.
• Flexibility when dealing with multiple stakeholder requests, delays in implementations.
• Ability to meet strict deadlines to maintain data quality within our target tools.
• Showing initiative to manage own research efforts.
• Team-player – focus on the success of the whole team. Working well both with others, as well as individually.
• Good listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly.
• Ability to co-operate and work well with others adopting an approachable style – Important as we work closely with a large and diverse set of suppliers and customers.
• Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
• Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done.
• Taking accountability for their actions and be open and honest when things have gone wrong, and celebrating successes when things have gone well.
• Being rigorous and thorough – especially when logging and tracking issues through to conclusion.
• Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management.
• Excellent presentation and executive presence skills are necessary.
ESSENTIAL SPECIFIC REQUIREMENTS
• Excellent understanding of GRC tools, particularly Service Now (and other such as Archer…).
• Trained as Service Now system administrator.
• Strong MS Office skills (core applications).
• A good understanding of large-scale technology infrastructure.
• Experience of formal document creation, such as the creation of presentations, reports or procedures.
• Presenting documentation in a professional and well-structured format.
• Strong MS Office skills (core applications).
• Good proficiency in English language is mandatory.
• Good proficiency in French language is preferred.
• Be a role model, supporting and fostering a culture of good conduct.
• Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks.
• Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.