Bank Overview
BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 73 countries, with more than 196,000 employees, including around 149,000 in Europe. The Group has key positions in its three main activities: Domestic Markets, International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors.
BNP Paribas Corporate and Institutional Banking is a globally recognised leader offering capital markets, securities services, financing, treasury and advisory solutions.

Business Area / Department Overview
In charge of periodic control (third line of defense), Inspection Generale carries out the function of internal audit and contributes to the protection of the activity and reputation of the BNP Paribas Group.

Inspection Generale provides an objective assurance of Risk Control to BNPP Group operations globally and is headed by the Inspecteur General who reports directly to the Group CEO.

Within Inspection Generale (IG), you will operate as a member of the Hub UK, which is a geographical Audit Hub, covering all activities in the UK.

The Hub has several distinct audit teams (around 70 auditors), all based in the UK. These teams are split by business activity covering all activities within their area of responsibility. Each team is headed by a direct report to the Head of Hub, who supervises the audit for the activities he/she is responsible for. The Head of Hub reports to a Deputy Head of IG Head Office. 

The Hub’s remit is to provide audit services to the Businesses, Operations and Functions in the UK in close liaison with Senior Management and Head Office entities. Strong coordination with other Hubs is also expected. The main focus is to help the organisation accomplish its objectives by bringing a systematic approach to evaluating and improving the effectiveness of the Governance, Risk management, and internal Control (GRC) processes.

Assignments can also be transversal and/or thematic, covering a specific activity or topic across several product or business lines.

The Audit Hub provides employees with an excellent grounding in all aspects of the business, and regular interaction with Management enables strong relationships to be built, allowing a robust understanding of all aspects of the businesses.

Inspection Generale is recognised internally as a key talent pool within the BNP Paribas Group. 

Having performed successfully in this role, the individual will have the benefit of a broad range of career opportunities within the BNP Paribas Group - both within Internal Audit and wider business lines/functions; in the UK and abroad.  A comprehensive training programme is in place to ensure continued professional development.

Purpose & Scope of Role
The overall purpose of this position is to perform IT and Cyber Security Audit work in accordance with IG standards and methodology in order to strengthen the bank’s IT and Cyber Security control environment.

Key Responsibilities of Role

  • Perform Information Technology and Cyber Security audits through comprehensive fieldwork, thorough examination and evaluation of key risks and controls. 
  • When required, lead and/or contribute to special reviews and integrated audits requested by the business and/or regulators.
  • Perform thorough fieldwork by using a comprehensive and effective testing strategy.
  • Prepare “easy to follow” work papers with particular focus on traceability and analysis to support findings.
  • Aggregate facts and articulate draft findings and recommendations in a simple and easy-to-understand manner.
  • Finalise and distribute draft of audit findings/recommendations to auditees for internal control improvements.
  • Ensure that the audit deliverables are delivered on time, and with expected quality.
  • Follow through with the auditee on the implementation of recommendations and validate whether the auditee has effectively implemented the recommended countermeasures or controls to address the root cause of the issue.
  • Contribute to the Information Communication Technology risk assessment of the audit universe, establishing a reliable communication channel with the auditees.
  • Follow audit professional standards and regulatory requirements in the performance of the day-to-day function of internal auditor.
  • Assist the Head of Assignment to plan each audit prior to the commencement of fieldwork (includes meeting with IT and Bank management, discussing changes/events that have a material impact on the activity, revising/enhancing the examination program and scope as warranted)
  • Keep abreast of the evolution of areas like information technology, payment security, data governance, cyber security, auditing standards, banking regulations through training, publications and seminars.

Contributing Responsibilities

  • Contribute to the improvement of the Inspection Générale practices through sharing industry and organizational best practices, and influencing constructive ideas towards enhancement of our audit methodologies.
  • Contribute to the periodic audit planning exercise by bringing in expertise and supporting data to highlight key audit areas or risks.

Travelling requirement: below 30%

Experience, Qualifications & Competencies
Technical and Behavioral Competencies required 

  • Strong expertise in IT and Cybersecurity risks and controls (IT security hands-on experience is a plus)
  • Intermediate-level data analysis skills.
  • Conversant with AGILE methodology for the delivery of audits.
  • Outstanding analytical skills
  • Familiar with key banking regulations such as CHAPS, BASEL, PCI DSS, SOX, ISO, etc.
  • Ability to manage and effectively communicate with stakeholders from middle to senior level management. 
  • Ability to synthesize and articulate the core issues in simple English. 
  • Excellent communication and presentation skills (in English)
  • High level of initiative, commitment, and drive
  • Ability to work effectively under pressure and within short deadlines
  • Promotes a constructive, cooperative, and participative teamwork environment

Specific Qualifications 

  • Possess a Bachelor’s / Master’s Degree in Information Technology / Management Information System / Computer Science or a related discipline.
  • Not less than 3 years of experience in external auditing / internal auditing / IT / risk / compliance / internal control / operations in the financial services industry.
  • Professional Qualification/Certificate in Audit, e.g. CISA, CISSP, CISM, CCSP.

Skills Referential
Behavioural Skills:

  • Creativity & Innovation / Problem Solving
  • Ability to collaborate / Teamwork
  • Ability to synthesise / simplify
  • Adaptability

Transversal Skills:

  • Analytical Ability
  • Ability to understand, explain and support change
  • Ability to anticipate business / strategic evolution
  • Ability to inspire others & generate people’s commitment
  • Ability to develop and leverage networks

Education Level: Bachelor Degree or equivalent
Experience Level: At least 3 years

Other/Specific Qualifications (any of these skills is highly appreciated)

Information Technology – Systems

  • Operating Systems: Linux/UNIX, Windows
  • Database Management Systems: Oracle, SQL Server, NoSQL, MariaDB, MongoDB
  • Data Analytics: Elastic Stack, Kafka, Tableau, Power BI, R, Python (pandas, Matplotlib, SciKit)
  • Cloud Technology: AWS, Azure; Containers: Kubernetes, Docker
  • Programming / scripting: Linux / Windows shell, batch commands, JavaScript, web development framework

Cybersecurity
Tools/Technologies: 

  • Identity Access Management: SailPoint, CyberArk, Oracle Identity Management; Single Sign-On: Web SSO
  • Network Security: strong network knowledge (routing, firewalls), proxies (web, reverse proxy)
  • System security: security configuration, patching, vulnerability scanning (Nexpose, Nessus), Active Directory, LDAP
  • Application security: OWASP, WAF, Scanning (Qualys, Rapid7, Tripwire, Fortify)
  • Penetration Testing / Forensics Tools: Kali Linux (Burp Suite, Nmap, ZAP, DirBuster, Metasploit, …)

Primary Location: GB-ENG-London
Job Type: Standard / Permanent
Job: PERIODIC CONTROL
Education Level: Bachelor Degree or equivalent (>= 3 years)
Schedule: Full-time
Reference: 19102

