In order to contribute to the durability of Bank’s activities and regulatory compliance duties the IT Governance, Risk and Controls Management is responsible to ensure that territory IT risks are properly managed and reported in accordance with regulatory requirements as well as Group, Global and Local IT policies and procedures.
IT Governance, Risk and Controls (GRC) management responsibilities for North America entails utilizing the framework defined by Group IT Governance of BNP Paribas as well as the Group IT Risk Management framework. IT GRC works with Information Technology teams that support the following IT functions; such as Application Development and Support, IT Production (Infrastructure); Information / Cyber Security, Information Continuity, Business Continuity and Third-Party Risk Management. IT GRC lead the IT Governance, Risk and Controls Program and assists IT management to develop, maintain and perform testing to ensure sustainable Information Technology and Information Security processes and controls. IT GRC facilitates process reviews, Risk and Control Self-Assessments, IT Risk Identification and Controls Assessment Assessment and develop, distribute and present Management reporting related to IT Governance Risk and Controls and acts as a liaison for External Audits and Regulatory Examinations interactions.
MISSION AND OBJECTIVES
The mission of the IT Risk Analyst is to contribute to the continuous improvement of the IT Governance, Risk and Controls around the IT infrastructure and business systems of CIB Americas. This includes the measurement and management of the IT risk, within the IT Activities linked to the ICT (Information and Communication Technologies) in declination of the framework defined by Group IT governance of BNP Paribas, as well as the deployment and coverage of the Group IT Risk Management framework.
• Coordinate with the appropriate personnel to perform internal controls assessments, report on the results of the internal control assessments and coordinate any necessary follow up actions to address control weaknesses or opportunities for improvement.
• Perform Controls Testing and Validation
• Conduct IT Governance, Risk and Controls related Awareness / Training sessions with IT Personnel as well as Team members
• Contribute to the development and management of IT policies and procedures, and other activities
• Assist with Management, Maintenance and Administration of the Team’s Sharepoint sites;
• Develop, Create, Distribute and Present Reporting data, obtain and incorporate updates
• Assist with the Project Management Activities related to the IT Governance, Risk and Controls team activities
• Monitor, Track and Follow-up on activities and initiatives
• Assist with coordination and communication of information provided by Group / Global IT or other Global / Local teams
• Assist with coordination and the Collection of information and ensure timely reporting and follow-up of open items
• Identify and Assess Information Security and Information Technology risks
• Maintain and distribute the assignment of controls amongst team members, assist with the coordination and training of new and existing team members;
• Assist with maintaining standard operating procedures within the team
• Assist with the development of Executive Management level - Reports, Dashboards, Status Reports, Meeting Minutes,
• Participate and conduct team and Management Meeting – capture and distribute meeting minutes
• Assist with the maintenance and updates to the Control Repository, and Risk Register.
TRAINING AND OCCUPATIONAL EXPERIENCE
• Bachelor’s degree in Computer Science, Information Systems, Information Technology, Engineering, Information Security, or related field
• Minimum of 3 years of related experience in Information Technology and / or Information Security Risk Management and Controls, Information Technology Audit or Governance of Information Technology or a related field. In addition, 2 to 3 years hands-on IT/Security experience is desirable.
• Exposure to developing processes, implementing controls and writing policies or procedures by liaising with IT and Business personnel.
ESSENTIAL SPECIFIC REQUIREMENTS
• Bilingual : English and French
• Strong communication skills, both verbal and written
• Ability to identify and propose opportunities for process (and control) improvements.
• Ability to conduct meetings, and carry out day-to-day operational work
• Ability to create Executive level reporting
• Proficiency in MS Office (specifically Excel, PowerPoint, Word), SharePoint Administration and Development, VISIO, Powerpivot, Macros and VBA (Visual Basics)
• Good organizational skills and ability to manage multiple tasks simultaneously.
• Diligent, Proactive, and Ability to work effectively, independently and within teams
• Strong problem solving and analytical skills
• Professional certifications desired such as CRISC, CISA, CISSP, CISM, CGEIT or CIA
• Familiarity with COBIT, ITIL, FFIEC, ISO/IEC 27001, ISO/IEC 9001, ISO/IEC 20000, SOX and other related control frameworks or legislation and regulatory sources is a plus.
• Experience with Archer system desired; or a similar Governance, Risk and Compliance Tool (GRC Tool).
A recruitment policy that promotes equity and diversity:
Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.
We pride ourselves in applying non-discrimination rules to all our recruitments.
We will only contact the candidates selected who meet the job requirements in terms of training and experience.
About BNP Paribas
BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 73 countries, with more than 195,000 employees, including more than 148,000 in Europe. The Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realise their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is the leader in consumer lending. BNP Paribas is rolling out its integrated retail-banking model in Mediterranean countries, in Turkey, in Eastern Europe and a large network in the western part of the United States. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas also enjoys top positions in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific.
About BNP Paribas in Canada
In Canada, BNP Paribas is one of the dominant foreign banks in the country and is committed to building its platform even further. Since becoming the operational hub for the Group’s activities in North America in 2013, it has grown significantly to reach more than 700 employees and is expected to continue growing in the coming years. With the continued development of technology and financial fields, BNP Paribas Canada continues to attract experts with diverse backgrounds as well as young and ambitious talent from across the globe. With the international mobility and capacity that very few companies can offer, BNP Paribas prides itself in providing a superior foundation for building a professional career - a place for people to learn, to achieve and grow.