CYBER FRAUD RISK MANAGEMENT SPECIALIST (2LoD) BNP PARIBAS CIB- RISK HUB
BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 68 countries, with more than 193,000 employees, including around 148,000 in Europe. The Group has key positions in its three operating divisions: Retail Banking, Investment and Protection Services and Corporate and Institutional Banking, which serves two client franchises: corporate clients and institutional investors.
BNP Paribas Corporate and Institutional Banking is a globally recognised leader offering capital markets, securities services, financing, treasury and advisory solutions.
RISK Operational Risk Management (RISK ORM) CIB belongs to the second line of defence of BNP Paribas Corporate and Institutional Banking (CIB). It is part of the Risk Function (RISK) of BNP Paribas and is placed under the responsibility of the Head of RISK ORM CIB, who reports to the CRO of CIB.
The department is responsible for independently challenging and supervising the Operational Risk management of CIB activities (Global Banking, Global Markets, Securities Services, Information Technology (IT), Operations and Functions) on a worldwide scope. In the territories in which CIB operates, it also covers the Assets Liability Management and Treasury (ALM-T) operations. This is achieved through: framing the operational risk methodology for CIB and disseminating a risk management culture across CIB; assessing the adequacy of the CIB operational risk management set-up; controlling the effectiveness of the CIB control environment; contributing to the detection, anticipation of and response to risks; alerting CIB and RISK stakeholders to any significant risk issue; providing a consolidated view of the CIB operational risk profile.
As the second line of defence for Fraud risk management (interchangeably called Anti-Fraud), RISK ORM is responsible for the oversight and supervision of Fraud risks for CIB: ensuring and opining that appropriate Fraud risk management efforts are underway, raising alerts on any issue affecting the stability of the Bank, and influencing business, functions and technology partners to take sound risk management decisions.
PURPOSE: Fraud risks, including but not limited to External fraud, Internal Fraud, data leakage due to fraud, fraud through suppliers and frauds where customers are the victim, are a key source of losses, reputational impact and systemic operational risk for financial services. This role exists to independently supervise and oversee the management of such risks, and to independently test Fraud risk management initiatives in order to provide an independent opinion.
SCOPE: Global CIB (including BP2S) and with specific focus on Fraud risk related to cyber-crime.
The candidate will be responsible for independently operating and implementing an oversight framework for Fraud Risk Management, and for co-ordinating with global RISK ORM teams to develop an overall Fraud risk profile for CIB.
Framework: to review, analyse and challenge the Fraud risk management framework, in particular its norms and standards, consistently with RISK ORM guidelines, and to validate any exemption to these norms and standards.
Governance: to assist in the preparation, organisation and secretariat of the committees at CIB level relating to Fraud risk management, in liaison with the relevant global RISK ORM teams, including those from CIB and other operating divisions.
Risk Identification and Assessment: to challenge and verify Fraud risk identification, ensure the consistency of potential incident quantification, conduct independent Fraud risk assessments (incident review, post mortem analysis…), and validate the closure of permanent control actions.
Risk Treatment and Decision: to oversee the risk treatment process (risk acceptance, risk transfer, risk remediation), give an opinion in co-decision Committees (e.g. NAC/TAC or similar), escalating in case of disagreement, and challenge and independently opine on CIB's Fraud risk profile, key decisions and remediation plans.
Testing: to perform independent challenge and testing of CIB Fraud controls.
Risk Reporting, Monitoring and Alert: to validate Fraud risk monitoring; to provide independent Fraud risk reporting & consolidated view to CIB and RISK management and supervisors; to support management on incidents and crisis management (e.g. Fraud events); to alert Senior Management and stakeholders on critical points for attention.
Awareness / Training / Animation: to promote and drive awareness on Fraud risks across CIB; to assist in organising risk meetings, forums and committees with community members.
Specific activities, but not limited to these activities, that are required to be performed by the role:
- Independently conduct Cyber fraud investigations related to data breach and security incidents, including but not limited to:
- Recover and examine data from systems and electronic storage devices.
- If required, dismantle and rebuild damaged systems to retrieve/investigate lost data.
- Identify additional systems/networks/databases/applications compromised by cyber-attacks.
- Preserve data from a variety of platforms and sources; including laptops, desktops, servers, cloud services, mobile devices, and storage media in a manner that follows industry best practices and maintains forensic integrity.
- Keeping abreast of emerging technologies, software and methodologies.
- Providing research and design, and training personnel on internally designed technologies; evaluating emerging fraud technologies and providing operational security assessments.
- Work in conjunction with the IT security department, with the ability to propose solutions and challenge their framework.
- Provide independent risk opinion and challenge on Cyber fraud Reports by First line of Defence teams.
EXPERIENCE, QUALIFICATIONS & COMPETENCIES:
Skills and Experience Required:
The successful candidate will have exposure to operating in risk management programmes in global organisations, with robust knowledge of technology, risks, architectures and related tools. Prior IT continuity or IT risk management experience (IT, Cyber, resilience etc.) and exposure to the Financial Services industry is a must. Experience with Governance, Risk and Compliance (GRC) tools and other risk management information systems is preferred.
The individual will assist in the preparation / contribution to the development of independent testing controls and support the wider RISK ORM community globally in defining better maturity models for independent testing. Excellent presentation skills are necessary. Experience interacting with regulatory agencies is a plus.
- Suitable experience (5+ preferred) in any of the following disciplines: Fraud risk management, fraud examinations, IT risk management or IT continuity.
- Bachelor's degree in Information Technology, Information Security, Business or Risk Management (or equivalent professional qualification).
- Ability to independently investigate complex cases including cyber security incidents, intellectual property theft, fraud and abuse, asset misuse, and violations of corporate policy.
- Team player, focused on the success of the whole team; works well both with others and individually.
- Excellent stakeholder management skills.
- Experience in a 2LoD, Risk function, operations or an Internal Audit role.
- Good listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly.
- Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits.
- Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
- Adapting personal approach to suit situations, individuals, groups and cultures.
- Taking accountability for their actions, being open and honest when things have gone wrong, and celebrating successes when things have gone well.
- Being rigorous and thorough – especially when logging and tracking issues through to conclusion.
- Ability to manage their workload so as to meet the realistic targets and priorities set in conjunction with management.
- Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
- Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate.
- Good knowledge of internal and external fraud risk management, cyber security and IT concepts.
- Understanding of the banking industry's regulatory requirements on Fraud and ICT (e.g. Article 325 of the Treaty on the Functioning of the European Union, EBA Guidelines on ICT and security risk management etc.).
- Ability to articulate risk management concepts in business language.
- Excellent written and verbal communication skills.
- Proficient with the Microsoft Office Suite.
- Prior experience documenting tool requirements to support risk management.
- Ability to travel to vendor sites and perform assessments as necessary.
- Proven ability to manage issues through to resolution; skilled at making judgement calls.
- Ability to successfully multitask and complete difficult assignments within deadlines, which may have short lead times.
- Industry certifications (e.g. ACFE, CISA, CRISC) or willingness to obtain the same.
- Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework.
- Multilingual capability with English proficiency (+ French or Spanish) is preferred.
- Be a role model, supporting and fostering a culture of good conduct.
- Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks.
- Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.