Lead Auditor - Independent Technical Testing
Standard / Permanent
Independent Technical Testing Director, Americas Centre of Excellence.
MISSION AND OBJECTIVES
The Information and Communications Technology (ICT) Risk department is part of the Group RISK ORC Functions within BNP Paribas. It is part of the 2nd Line of Defence (2LOD) under the Bank’s Chief Cyber & Technology Risk Officer. Among other things, the department is responsible for identifying key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions.
This is achieved by delivering:
• Application & Infrastructure Risk Assessments: working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks. Tracking issues and agreed actions to completion.
• Horizontal Risk Assessments: assessing technology risks in relation to a particular theme or technology across the organization. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.
• Vertical Risk Assessments: assessing risks to a product, service, technology or infrastructure. For instance, we may complete a vertical assessment on our remote working solution (including infrastructure, applications, data, threats, etc.) or our Internet connectivity.
• Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.
• Recurrent analysis of maturity of controls on all entities of the Group.
Independent Technical Testing (ITT) within RISK ORC ICT is one of the activities of the Information and Communications Technology (ICT) Risk department. BNP Paribas is looking for the Lead for the ITT assignments in the Americas Centre of Excellence, who will help, with her/his team, to identify and reduce risks on the information system (alignment of strategy with business needs, software development life cycle, IT project management, IT architecture, IT security, etc.) and thus improve the Bank's business as usual. The Group is engaged in an important transformation process, including outsourcing functions or applications redesign.
The Independent Technical Testing expert position is a multi-dimensional role covering processes, governance, architecture, network, systems, IT applications and cyber security issues. The position will play a leading role in the implementation of all the stages of the assigned evaluations. The Lead will have the skills to strengthen team spirit, improve the team's skills in various areas of ICT, and ensure the quality, relevance and traceability of all identified gaps. As a Lead Auditor, you will interact directly with clients and all levels of management and will be able to synthesize technical data, present it in accessible terms and identify risks. Your excellent interpersonal skills and verbal and written communication will help ensure the proper conduct of the evaluations. As a team member, you will also have the opportunity to help improve the evaluation methodology and develop the team tools to enhance the level of relevance of the data.
• Provide independent advice and timely assurance to management regarding the adequacy and effectiveness of policies, processes, systems and controls.
• Contribute to the development and implementation of a comprehensive evaluation methodology and related tools to provide consistent reporting within the prescribed time frame.
• Plan evaluations with clients, auditors and team members.
• Document and communicate survey results by ensuring the quality, relevance and traceability of identified deficiencies.
• Ensure that full and accurate reports are provided in accordance with the RISK ICT methodology and standards.
• Execute other assigned tasks.
TRAINING AND OCCUPATIONAL EXPERIENCE
• Master's or equivalent degree in an IT Risk/Cybersecurity field, or relevant experience
• 3 to 8 years of experience as an IT auditor, preferably in a public accounting firm or internal audit department
• Good knowledge of ICT topics
• Professional certifications in the information security sector, such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+
• Expertise in presenting official deliverables such as PowerPoint presentations, reports or procedures
• Ability to effectively communicate and make presentations in a structured manner
ESSENTIAL SPECIFIC REQUIREMENTS
Mastery of concepts related to network infrastructure and information security, including emerging threats and attack methodologies, in particular:
• Network Security, configuration of network equipment, network protocols, network standards, supervision, "conceptual competencies," "decision making," "informing others," functional and technical expertise, reliability, information security policies
• Recognized expertise in integrating different security or data protection technologies within a coherent architecture to effectively cover the risks of the company
• Mastery of technical testing tools and script development
• Experience in intrusion testing (network, application or system) is an asset
• Technical understanding of security technologies, including intrusion detection and prevention, correlation of events, firewalls, antivirus, anti-spam, policy tightening, patch management and configuration, security checks and techniques, and secure development techniques
• Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI)
• Good understanding of native platforms or common applications such as: UNIX, Linux, Windows, Android, iOS, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications, etc.
• Knowledge of IT Controls
SKILLS AND BEHAVIOURS
• Role model, promotion of a culture of good conduct and contribution to maintaining such a culture
• Proactivity, transparency and clear accountability for the determination and management of behaviour risks
• Ability to take decisions while taking into account the impact of one's actions on colleagues, partners and clients, and to report the situation to one's superior in case of doubt
• Excellent skills in problem solving, presentation and consultation
• Proficiency in the language used by analysts and in strategy-focused language for exchanges with senior management
• Strong project management skills
• Exceptional communication skills, both written and oral.
A recruitment policy that promotes equity and diversity:
Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.
We pride ourselves in applying non-discrimination rules to all our recruitments.
We will only contact selected candidates who meet the job requirements in terms of training and experience.
About BNP Paribas
BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 73 countries, with more than 195,000 employees, including more than 148,000 in Europe. The Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realise their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is the leader in consumer lending. BNP Paribas is rolling out its integrated retail-banking model in Mediterranean countries, in Turkey, in Eastern Europe and a large network in the western part of the United States. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas also enjoys top positions in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific.
About BNP Paribas in Canada
In Canada, BNP Paribas is one of the dominant foreign banks in the country and is committed to building its platform even further. Since becoming the operational hub for the Group’s activities in North America in 2013, it has grown significantly to reach more than 700 employees and is expected to continue growing in the coming years. With the continued development of technology and financial fields, BNP Paribas Canada continues to attract experts with diverse backgrounds as well as young and ambitious talent from across the globe. With the international mobility and capacity that very few companies can offer, BNP Paribas prides itself in providing a superior foundation for building a professional career - a place for people to learn, to achieve and grow.