The bank for a changing world

Vice President – 3rd Party Security Risk Assessor


Standard / Permanent


US-NY-New York

Job function



IT 000465

Business Overview:
The 3rd Party Security Risk Assessment function, under management of the  Head of Cyber Security, will be performing security assessments of vendors, service providers and 3rd party companies that manage systems or information for BNP Paribas. The team works in close collaboration with the Procurement, Legal, Business Continuity and other stakeholders in the 3rd party risk management process. The activity includes development and maintenance of appropriate procedures for the vendor risk review, actual assessment and definition of corrective action plans resulting from these assessments.
  • Review services provided by vendor and define scope of assessment based on SIG / AUP
  • Perform security assessments or work with 3rd party provider who will be performing the review
  • Review assessments performed by 3rd party and provide feedback
  • Define appropriate risk levels and corrective actions for issues identified
  • Report on assessment outcomes, risk level and associated recommendations
  • Present issues to 3rd parties and obtain corrective action plans
  • Input corrective action plans into system
  • Follow up on corrective action plans and review evidence for closure
  • Provide metrics on a regular basis (KPI / KRI)
  • Periodically reach out to vendors hosting our data regarding current threats to ensure they are taking necessary steps to reduce exposure.
  • Update procedure documentation to incorporate process changes.

  • Bachelor of Computer Science degree from an accredited college or university, or equivalent work experience
  • Minimum 5 years professional work experience, including a minimum of 2 years in an Information Security role or an IT Auditor role
  • Strong written/verbal communication skills, and organizational and work documentation proficiency
  • Good communicator with demonstrated ability to pass messages in a clear and concise manner
  • Ability to adapt to changing priorities, handle multiple assignments, and adhere to strict deadlines
  • Ability to coordinate actions from several different teams
  • Experience performing IT audits or IT security risk assessments
  • CISSP, CISM or CISA certification preferred
FINRA Registrations:
  • Not Applicable