At Bank of the West, our people are having a positive impact on the world. We’re investing where we feel we can make the most impact, like advancing diversity and women entrepreneurship programs, financing for more small businesses, and promoting programs for sustainable energy. From our locations across the U.S., Bank of the West is taking action to help protect the planet, improve people’s lives, and strengthen communities. We are part of BNP Paribas, a global leader supporting the UN Sustainable Development Goals (SDGs). Yes, we’re a bank, but as the bank for a changing world, we are continually seeking to improve the ways we help our customers, while contributing to more sustainable and equitable growth.
Reporting to the Controls & Governance Manager, you will be responsible for the development, implementation and oversight of risk and compliance management programs in the first line of defense using BNPP’s Risk Framework. You will ensure the overall effectiveness and adherence to the governance of the established risk framework and ongoing evaluation of business controls. As a member of a high-performing team, you will be responsible for risk and control self-assessments, identifying control failures, facilitating risk and compliance remediation, and monitoring the first line of defense in an effort to minimize risk exposures and strengthen the overall control environment.
Essential Job Functions
- Completing an RCSA using an ERM application will include: 1) Establishing Risk Parameters, 2) Determining Inherent Risk Ratings, 3) Matching Controls to Related Risks, 4) Rating the Controls Effectiveness, 5) Establishing New Controls Where Gaps Exist, 6) Determining Residual Risk, 7) Presenting Assessment Results to Leadership, and 8) Responding to 2LOD’s Credible Challenge of Assessment Results.
- Technically savvy with the ability to perform assessment of the IT infrastructure, hardware, software, IT processes, data containment, IT Architecture, Server Environments, SDLC, Coding Practices, DevOps, Agile Development Practices and Data Privacy.
- Provide support for internal, external and regulatory audit requests. Assist IT groups in the development of evidence to remediate findings.
- Develop ad-hoc reports supporting the risk profile for IT processes.
- Assume a leadership role coordinating engagements and providing instruction to team members.
- Partner with key stakeholders in the assessment of third parties.
- Advise senior management and influence process change.
- Educate risk owners on risk management best practices and work with other risk functions in the development and implementation of risk controls.
- Demonstrated critical thinking, leadership skills and decision-making capabilities.
- Assess the organization’s cyber risk strategy and posture, as it relates to data risk, cyber risk management, cyber risk frameworks and policies, and/or cyber risk measures, methods, and reporting.
- Deliver key messages with clarity, confidence, and poise to instill confidence in process owners.
Other Job Duties
- 1LOD is perceived as a consultant to the IT community proactively developing strategies to mitigate risk and add value to the enterprise. Develop relationships and grow into a subject matter expert role supporting IT processes.
- Keep abreast of IT industry advancements and changes in the regulatory environment to bring best practices and suggestions to the Bank.
- Provide mentorship and guidance to team members, helping them take the next professional steps.
- 7+ years’ experience in risk management, general computer risks, audit and controls knowledge of banking IT environments and regulations.
- Working knowledge of the FFIEC Framework, NIST Cyber Framework, ISO 27000 Series, COBIT, ITIL, SOX etc., employed to enhance the IT Control environment at the Bank.
- Leadership or managerial experience.
- Ability to collaborate with 2LOD and 3LOD.
- Obtained or in pursuit of certifications (i.e. CISA, CISSP, CISM, CRISC, CIA, CPA).
- Internal, External or Regulatory audit experience is a plus.
- Familiarity with Governance Risk and Compliance (GRC) software to manage risk and control documentation.
- Excellent writing and presentation skills.
- Tactful and diplomatic when engaging with all levels of management, always maintaining a professional demeanor.
- Experience in financial services or banking industry with understanding of financial services regulatory environment
- Familiarity with ERM applications such as Archer or OpenPages.
- Experience in IT operations and/or application support
- Proficiency in PC tools (Microsoft Suite, including: Word, Excel and PowerPoint)
- Proven analytical skills with strong attention to detail and quality control of work product
- Proven experience working in an ambiguous environment with proven ability to explain complex concepts and support points of view.
- Excellent analytical skills with strong attention to detail and quality control of work product. Excellent interpersonal skills - ability to foster relationships and create informal networks.
- Ability to think outside the box, respectfully challenging process and providing unique solutions.
- Build and cultivate positive working relationships with stakeholders while embedding a risk and security focused mindset across business units.
- Able to work on multiple projects and meet deadlines.
Equal Employment Opportunity Policy
Bank of the West is an Equal Opportunity employer and proud to provide equal employment opportunity to all job seekers without regard to any status protected by applicable law. Bank of the West is also an Affirmative Action employer - Minority / Female / Disabled / Veteran.
Bank of the West will consider for employment qualified applicants with criminal histories pursuant to the San Francisco Fair Chance Ordinance subject to the requirements of all state and federal laws and regulations.