RISK ORC ICT - Risk Governance Lead
Standard / Permanent
BNP Paribas Overview
BNP Paribas has a presence in 75 countries with more than 185,000 employees, including 145,000 in Europe. It ranks highly in its two core activities: Retail Banking & Services and Corporate & Institutional Banking.
At BNP Paribas, we work continuously on behalf of our clients, helping them to realize their projects around the world. You can be an important part of this, helping us to serve our clients both in mature and emerging markets, providing them with financial solutions across a diverse range of expertise, products and services. Our origins lie in Europe, but nearly a quarter of our employees now work in our multi-award-winning Asia Pacific offices and we are a committed player in all markets.
Strong risk management, combined with the stability that comes from being part of one of the largest banking groups in the world, underpin our success. Joining us, you’ll become an integral part of a dynamic team that spans nationalities, cultures and backgrounds, drawing together people from around the globe and reflecting our commitment to international placements.
The Information and Communications Technology Risk department is part of the Group Risk Functions within BNP Paribas. It is a part of the 2nd line of defence under the Bank’s Chief Cyber & Technology Risk Officer. The department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions. This is achieved by delivering:
- Application & Infrastructure Risk Assessments working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks. Tracking issues and agreed actions to completion.
- Horizontal Risk Assessment: Assessing technology risks in relation to a particular theme or technology across the organisation. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.
- Vertical Risk Assessments: Assessing risks to a product, service, technology or infrastructure. For instance, we may complete a vertical assessment of our remote working solution (including infrastructure, applications, data, threats, etc.) or of our Internet connectivity.
- Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.
The role is responsible for the development and implementation of an enterprise-wide ICT risk governance program, reporting to the Global Head of Emerging Technology and Governance.
The successful candidate will have a proven track record of developing and implementing risk management governance programs in global financial services organisations, with robust knowledge of cybersecurity and IT risk management, IT security compliance, and regulatory reporting. Experience in the financial services or consulting industry is a must.
Governance and Oversight:
- Coordinate and deliver on the enterprise-wide ICT risk governance program
- Deliver security risk assessment reviews
- Support capability-building for other members of the team
- Be a trusted team member who can work closely with key stakeholders to provide feedback and challenge the 1st line of defence
- Conduct reviews of activities including, but not limited to, risk appetite, RCSAs (risk and control self-assessments) and the risk register
- Deliver reports to all levels of management across the Group
Skills & Experience Required:
- Extensive Information Security experience specifically in security and technology governance, for a consultancy or in Banking/Financial services;
- Experience in managing a large team successfully, providing coaching, opportunities for progression and enhancing utilization to maximize performance;
- Team player – focus on the success of the whole team. Working well both with others, as well as individually;
- Excellent stakeholder management skills;
- Excellent listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly;
- Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate;
- Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done;
- Taking accountability for their actions, being open and honest when things have gone wrong, and celebrating successes when things have gone well;
- Ability to manage their workload so as to meet the realistic targets and priorities set in conjunction with management;
- Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role;
- Ability to express views clearly and fluently, both orally, during presentations and in writing.
- A professional qualification relevant to Information Security, such as CISA, CCSK, CISM or a PMI qualification, is required;
- Excellent understanding of large-scale IT and Cyber risk governance in the second line of defence for a Financial services organization;
- Experience of formal document creation, such as the creation of presentations, reports or procedures. Presenting documentation in a professional and well-structured format;
- Be a role model, supporting and fostering a culture of good conduct
- Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
- Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.
- Take responsibility for your team’s conduct and conduct risks.