Risk IT Analyst
BNP Paribas is a leading European bank with an international reach. It has a presence in 72 countries, with more than 202,000 Employees – including more than 154,000 in Europe and over 5,000 in Portugal alone.
BNP Paribas is present in Portugal since 1985, having been one of the first foreign banks to operate in the country. Today, BNP Paribas has several entities operating directly in this territory, offering a wide range of integrated financial solutions to support its clients and their businesses.
Worldwide, the Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realise their projects through solutions spanning financing, investment, savings and protection insurance.
RISK Operational Risk & Control (RISK ORC) CIB belongs to the second line of defence of BNP Paribas Corporate and Institutional Bank (CIB). It belongs to the Risk Function (RISK) of BNP Paribas and is under the responsibility of the Chief Operational Risk Officer for CIB.
The department has responsibility for independently challenging and supervising the Operational Risk management of CIB activities (Corporate Banking, Global Markets, Securities Services, IT, Operations, Functions) on a worldwide scope. This is achieved by framing operational risk methodology for CIB, disseminating of a risk management culture across CIB, assessing the adequacy of the CIB operational risk management set-up, controlling effectiveness of CIB control environment, contributing to the detection, anticipation and response to risks, alerting CIB and RISK stakeholders on any significant risk issue and providing a consolidated view on CIB operational risks profile.
As the second line of defence for Information and Communications Technology (ICT), RISK ORC has responsibility for identification of key technology risks to the Bank and influencing business, functions and technology partners to take sound risk management decisions.
ROLE AND RESPONSIBILITIES
Integrated in the Global Iberian Centre of Excellence for the RISK ICT, the candidate will be responsible for supporting the CIB RISK ORC ICT Risk Manager in the development and implementation of the ICT risk management program including ICT third parties on the CIB activities managed and run in Lisbon, Portugal.
Framework: to assist the CIB RISK ORC ICT Risk Manager in the review, analysis and challenge of the CIB ICT risk management framework and in particular the norms & standards, consistently with RISK ORC ICT guidelines, and validate any exemption to these norms & standards.
Risk Identification & Assessment: to assist the CIB RISK ORC ICT Risk Manager to challenge and verify CIB risk identification, ensure the consistency of potential incidents quantification, conduct independent ICT risk assessment (incident review, post mortem analysis), and validate closure of permanent control actions.
Risk Treatment & Decision: to assist the CIB RISK ORC ICT Risk Manager in overseeing the risk treatment process (risk acceptance, risk transfer, risk remediation) performed by CIB, jointly participate to co-decision Committees (e.g. NAC/TAC or similar) and/or share opinion on the ICT risks exposure with CIB RISK ORC ICT Management.
Testing: to conduct independent testing and challenge on 1st LoD CIB controls and perform 2LOD penetration tests / vulnerability scans if required.
Risk Reporting, Monitoring & Alert: to support management and CIB RISK ORC ICT Risk Manager on incidents and crisis management (e.g. security events); to alert CIB RISK ORC ICT Risk Manager on critical points for attention to be raised to CIB RISK ORC and Senior Management
Awareness / Training / Animation: to assist the CIB RISK ORC ICT Risk Manager in promoting and driving awareness on ICT; to assist in organising risk meetings, forums and committees with community members.
The successful candidate will have exposure to implementing risk management programs and/or working in an internal/external IT assessment function within a reputed consultancy/ global organisation, with robust knowledge of technology, risks, architectures and related tools. Prior IT risk experience (IT, Cyber, Vendor management etc.), exposure to the Financial Services industry, experience with GRC tools and other risk management information systems is preferred.
Negotiation, Conflict Management and Presentation skills are necessary. The individual will assist in the preparation/contribution to the development of CIB RISK ORC ICT independent testing controls and conduct Risk and Control Self-Assessment independent re-testing and validation on 1st LoD set up and performed controls. Experience interacting with regulatory agencies is a plus.
- 3+ experience specifically in technology risk assessments
- Bachelor degree in Information Technology, Information Security, Business or Risk Management (or equivalent professional qualification)
- Team player – focus on the success of the whole team. Working well both with others, as well as individually
- Excellent stakeholder management skills
- Experience in a Technology Risk, Information Security or an IT Assessment and audit role
- Good listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly
- Ability to co-operate and work well with others adopting an approachable style – Important as we work closely with a large and diverse set of customers
- Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits
- Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate
- Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done
- Taking accountability for their actions and be open and honest when things have gone wrong, and celebrating successes when things have gone well
- Being rigorous and thorough – especially when logging and tracking issues through to conclusion
- Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management
- Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business
- Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate
- Good knowledge of Information Security, Business Continuity, and IT Audit and assessment methodologies and concepts
- Experience working with IT, business continuity, IT risk and audit teams
- Ability to articulate risk management concepts in business language
- Excellent written and verbal communication skills
- Proficient with Microsoft Office Suite
- Prior experience documenting tool requirements to support risk management
- Ability to travel to vendor sites and perform assessments as necessary
- Proven ability to manage issues through to resolution; skilled at making judgment calls.
- Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times
- Industry certifications (e.g. CISA) or willingness to obtain the same
- Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework
- Multilingual capability (English and/or French) is preferred
- Be a role model, supporting and fostering a culture of good conduct
- Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
- Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure
BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.
Please note that only applications submitted in English will be considered.
In case you are selected for this role, further documentation will be requested to support your hiring process.