MISSION AND OBJECTIVES
The Information and Communications Technology (ICT) Risk department is part of the Group RISK ORM Functions within BNP Paribas. It is a part of the 2nd Line Of Defence (2LOD) under the Bank’s Chief Cyber & Technology Risk Officer. Among others, the department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions.
This is achieved by delivering:
- Application & Infrastructure Risk Assessments: Working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks. Tracking issues and agreed actions to completion.
- Horizontal Risk Assessments: Assessing technology risks in relation to a particular theme or technology across the organization. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.
- Vertical Risk Assessments: Assessing risks to a product, service, technology or infrastructure. For instance we may complete a vertical assessment on our remote working solution (including Infrastructure, applications, data, threats etc.) or our Internet connectivity.
- Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.
- Recurrent analysis of maturity of controls on all entities of the Group.
Independent Technical Testing (ITT) is one of the activities of the Information and Communications Technology Risk department. You will join this team and participate in internal assessments to identify Information and Communications Technology risks, including those linked to Cyber Security, with a BNP Paribas worldwide scope.
Integrated in the Global RISK ORM ICT Iberian CoE, the Assessor shall be an all-round specialist in Information and Communication Technologies, which include IT Processes, Governance, Architecture, Network, Systems, Application, Cyber Security and Continuity related subjects. The assessor shall be competent to improve team skills on some ICT subjects and ensure the quality, relevance and traceability of all identified gaps.
As an assessor, you will interact directly with customers at all levels of management, and be able to synthesize and popularize technical findings and identify risk. Your excellent interpersonal and verbal/written communication skills will help to ensure the smooth roll-out of assessments.
As part of the team, you will also have the chance to help to improve the assessment methodology and to develop the team tooling to improve the relevance of the findings.
- Provide independent advice and timely assurance to management on the adequacy and effectiveness of policies, process, systems and controls.
- Contribute to the development and implementation of a comprehensive assessment methodology and the tooling associated to deliver consistent reports.
- Schedule and plan assessments with customers, assessors and team members.
- Interact with customers at all levels of management.
- Document and report results of investigation by ensuring the quality, relevance and traceability of the weaknesses identified.
- Ensure the on-time delivery of complete and accurate reports.
- Lead and oversee the life cycle of an assessment.
TRAINING AND OCCUPATIONAL EXPERIENCE
- Master Degree or equivalent in ICT domains.
- 3+ as IT assessor.
- Industry-recognized information security certifications such as CISSP, CISA, CISM, CRISC.
- Mastery of delivering formal deliverables such as PowerPoint presentations, reports or procedures.
- Demonstrated ability to communicate effectively and to present in a structured approach.
- Mastery of MS Office skills.
- Good knowledge of ICT subjects.
- Demonstrated ability to communicate effectively with stakeholders and technical staff.
- Excellent written and verbal communication.
SKILLS AND BEHAVIOURS
- Proactivity, transparency and clear accountability for the determination and management of behavior risks
- Consistently develop and leverage the teamwork between peers, management and stakeholders
- Eye for details, ability to process high quantity of documents and correlate them
- Ability to manage their workload independently to meet their targets, and priorities set in conjunction with management.
- Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
- Ability to work under strict timelines and in pressure situations to manage the delivery.
- Highly organized, with a proven ability to manage a wide number of subjects at any given time.
- Be an enthusiastic and committed team player
- Prepared to travel internationally
ESSENTIAL SPECIFIC REQUIREMENTS
Mastery of concepts related to network infrastructures and information system security, including emerging threats and attack methodologies, for example:
- Knowledge and experience in ICT Security framework, such as Cobit, ISO 27001, PCI, etc.
- Knowledge and experience in IT audit / ITGC controls testing / technical assessments, preferably in the areas of Cyber and Technology domains in a financial institution.
- Network security, network equipment configuration, network protocols, network standards, supervision, "Conceptual Skills," "Decision Making," "Informing Others," functional and technical expertise, reliability, information security policy.
- Recognized skills for the integration of different security or data protection technologies within a coherent architecture to effectively cover the risks of the company.
- Mastery of technical testing tools and script development
- Good technical understanding of security technologies, including intrusion detection/prevention, correlation of events, firewall, antivirus, anti-spam, policy tightening, patch management and configuration management, audit, security development technique, etc.
- Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI).
- Good understanding of native platforms or common applications such as (non-exhaustive list): UNIX, Linux, Windows, Android, iOS, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications, etc.
Diversity and Inclusion Commitment
BNP Paribas Group in Spain is an equal opportunity employer and is proud to provide equal employment opportunities to all job seekers. We are actively committed to ensuring that no person is discriminated against on the grounds of age, disability, gender reassignment, marital or civil status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the heart of our recruitment policy because we believe they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society in which we live, while maintaining the image of our clients.