
We are looking for

Vice President - ICT Risk Manager

Contract

Standard / Permanent

Location

US-NY-New York

Country

USA

Job function

MISCELLANEOUS

REF: RIS000764

BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 74 countries, with more than 192,000 employees, including more than 146,000 in Europe. The Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is the leader in consumer lending. BNP Paribas is rolling out its integrated retail-banking model in Mediterranean countries, in Turkey, in Eastern Europe and a large network in the western part of the United States. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas also enjoys top positions in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific.

 

www.cib.bnpparibas.com

 
Business Overview:

The Intermediate Holding Company (“IHC”) program, structured at the U.S. level across BNP Paribas's poles of activity, provides guidance, supports analysis and impact assessment, and drives adjustments to the U.S. platform’s operating model in response to the drastic changes introduced by the Enhanced Prudential Standards (“EPS”) for Foreign Banking Organizations (“FBOs”), finalized by the Federal Reserve in February 2014 to implement Section 165 of the U.S. Dodd-Frank Act.

 

Fully integrated in the BNP Paribas Group, BNP Paribas Corporate and Institutional Banking (CIB) is a leading provider of solutions to two client franchises: corporates and institutionals, and operates across EMEA (Europe Middle East Africa), APAC (Asia Pacific) and the Americas. The bank is a global leader in Debt Capital Markets and Derivatives. It is a top European house in Equity Capital Markets and it has leading franchises in Specialized Financing. In Securities Services, it is a top five House worldwide. BNP Paribas CIB strives to service the global economy by providing solutions to its clients in financing (ECM, DCM, specialized financing), flow banking (trade finance and cash management), financial advisory (M&A, project finance), global markets (interest rates, credit, foreign exchange, equity derivatives), risk management, and securities services.

 

Information and Communication Technology (ICT) is a strategic consideration for BNP Paribas. ICT risk is the chance or possibility of harm being caused to a business as a result of a loss of the confidentiality, integrity or availability of ICT assets. ICT risk management is the optimization of the information asset/control relationship in the context of a cost/benefit analysis and in alignment with the organization’s overall risk appetite. Second line Risk Managers are responsible for the aggregate entity and group-wide ICT risks, and are granted independent authority to effectively test and challenge the first line’s approach to ICT Risks.

 
 
 
 
 
 
Responsibilities:

The ICT/Technology Risk Manager (2LOD) within the BNP Paribas CIB ORC ICT Organization will provide oversight and guidance across both direct and indirect areas of responsibility for the CIB Americas set of operating entities. Key responsibilities include:

  • Managing the execution and coordination of the technology risk function related to the execution of framework components and sustainment of technology risk governance across the enterprise to include the oversight and monitoring of First Line of Defense (1LOD).
  • Performing Second Line of Defense (2LOD) functions in support of the technology risk framework and articulating residual risk in various forms and formats. The Technology Risk Manager is responsible for driving the use of empirical methodologies in order to improve decision-making processes and help manage operational risk consistent with the Bank's Risk Tolerance and Risk Appetite.
  • Partnering with federated 1LOD technology risk teams across the organization to provide directions and to ensure sound controls are implemented within the various business groups that provide enterprise technology risk program requirements.
  • Providing leadership in the planning, development and implementation of technology risk frameworks/measurement methodologies, policies, standards and procedures specific to the needs of the enterprise, which are aligned with the Bank's Operational Risk Program and risk appetite.
  • Where appropriate, leading teams of Technology Risk professionals in support of bank-wide operational risk goals and objectives to drive clarity as to potential areas of material technology risk. 
  • Analyzing and documenting various processes and products, existing or new, by working with the 1LOD risk teams to identify key processes and help assess the effectiveness of Key Controls within those processes.
  • Working with management and staff in areas of the organization affected by technology change practices to ensure understanding and implementation of technology risk policies, standards, and procedures.
  • Collaborating with 1LOD risk teams to study and investigate technology risk issues and identify and implement sound and effective solutions.
  • Performing and/or analyzing periodic testing to determine effectiveness of adherence to the Bank's defined technology risk related requirements, internal policies and best practices.
  • Performing oversight of governance for technology related risk across the organization to ensure technology risk is identified, assessed, quantified, appropriately mitigated and managed through the lifecycle of the product/service.
    • This would be accomplished in a variety of means including, but not limited to, assessments of 1LOD risk programs, challenge/validation of assessments performed by 1LOD and challenge/validation of metrics
  • Reviewing, analyzing and making recommendations to the design and implementation of the technology risk management framework
  • Working with key partners to draft reporting that includes metrics/KRIs, program status, technology risk profile, risk acceptances and other information in order to provide a holistic picture of technology risk
  • Ongoing monitoring to ensure key program requirements are being met through analysis of metrics and data
  • Performing industry best practice monitoring to identify incidents and risk trends
  • Escalating issues to appropriate levels within organization
  • Performing periodic/ad-hoc reviews/testing to determine if program is operating as designed
  • Providing subject matter expertise related to program questions
  • Providing input to technology related assessments
  • Providing timely updates to address any technology-related issues
  • Key liaison with corporate offices such as the Operational Risk Department, Security, Vendor, Compliance, Audit, Legal and HR as well as with other business units
  • Promoting technology risk and operational risk awareness
  • Developing new tools, defining requirements, identifying data sources, analyzing data and preparing reports as needed to effectively provide workable solutions or respond to requests for information from various internal and external sources
  • Identifying enhancements for program tools to support and improve reporting
  • Supporting quality assurance sampling and secondary reviews as required
  • Reviewing, analyzing and making recommendations regarding the design and implementation of the operational risk management framework as applicable and required for technology risk
  • Staying current in technology specific operational risk management techniques, industry best practices, and regulatory requirements.
  • Performing other duties as assigned

Minimum Required Qualifications
  • 10+ years combined Information Technology and/or Risk Management experience
    • 5+ years’ experience working in Technology Risk Management preferred
    • 2 or more years supervisory or managerial experience preferred
  • Bachelor’s degree (Information Technology or Information Security preferred)
  • Extensive knowledge of technology and banking products in an operating environment
  • Excellent written and verbal communication skills, including experience developing presentation material for senior management or executive level audiences
  • Proficiency with IT Risk Management best practices
  • Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives.
  • Proven leadership style that includes exceptional people skills, program management, business and technology expertise
  • Excellent organizational skills, coupled with ability to be versatile and flexible
  • Sound business judgment and the ability to work successfully with all levels of management
  • Creativity and the ability to produce innovative solutions.
  • Demonstrated ability to work independently and within a team
  • Excellent PC skills (MS Word, PowerPoint, Publisher, Excel and Visio)
 
Preferred Qualifications:
  • CRISC / CISA / CISM
  • Process/Quality Management discipline (Six Sigma, etc.)

FINRA Registrations Required: 
  • Not Applicable

BNP Paribas is committed to providing a work environment that fosters diversity, inclusion, and equal employment opportunity without regard to race, color, gender, age, creed, sex, religion, national origin, disability (physical or mental), marital status, citizenship, ancestry, sexual orientation, gender identity and gender expression, or any other legally protected status.

