IT Risk Assesor

RISK ORM (RISK Operational Risk Management) is part of the Group BNP Paribas second line of defence (2LoD). It belongs to the Risk Function (RISK) of BNP Paribas and is under the responsibility of the Group Chief Operational Risk Officer.

The department has responsibility for independently challenging and supervising the Operational Risk Management (ORM) of Group BNP Paribas activities on a worldwide scope. This is achieved by framing operational risk methodology for Group BNP Paribas, disseminating of a risk management culture across the Group, assessing the adequacy of the ORM set-up, controlling effectiveness of the Group Entities control environment, contributing to the detection, anticipation and response to risks, alerting BNP Paribas Management and RISK stakeholders on any significant risk issue and providing a consolidated view on Group Entities operational risk profile.

As the second line of defence (2LoD) for Information and Communications Technology (ICT) risks (which are operational risks), RISK ORM has the responsibility to identify the key technology risks of the Bank and to influence Businesses, Functions and technology partners to make sound risk management decisions, working with the main Businesses and Functions teams such IT Operations, Cloud, Cybersecurity, Data, Finance, etc.

**ROLE AND RESPONSIBILITIES**
- Framework: to assist in the review, analysis and challenge of the ICT risk management framework and in particular the norms & standards, consistently with RISK ORM guidelines, and validate any exemption to these norms & standards, namely the ICT Risk and Control plans definition.
- Risk Identification & Assessment: to challenge and verify on the first line of defence (1LoD) risk identification, ensure the consistency of potential incidents quantification, conduct independent ICT risk assessment (incident review, post mortem analysis), and validate closure of permanent control actions (controls implemented by 1LoD).
- Risk Treatment & Decision: to assist in overseeing the risk treatment process (risk acceptance, risk transfer, risk remediation) performed by the BNP Paribas Entities and their Departments, jointly participate to co-decision Committees (e.g. Change Management, New Activity, New Process, Vendor, Emergent Technologies) and/or share opinion on the ICT risks exposure with RISK ORM and 1LoD Management. Oversight the action plans defined to mitigate risk and to implement the Internal Audit, Regulators and other IT/Security authorities conclusions and recommendations.
- Testing: to conduct independent testing and challenge on 1LoD (IT and operations) controls and oversight/perform 2LOD tests/vulnerability scans when required.
- Plan: to assist to identify the main ICT risks priorities, clarify/ define the approach to perform the work aligned with BNP Paribas framework, manage relationship with stakeholders, and ensure deliverables agreed.
- Risk Reporting, Monitoring & Alert: to support BNP Paribas Management and the RISK stakeholders on incidents and crisis management (e.g. security events, data leakage); to alert on critical points for attention to be raised to RISK Management.
- Awareness / Training / Animation: to assist in promoting and driving awareness on ICT risks; to assist in organising risk meetings, forums and committees with community members.

**REQUIREMENTS**
- Bachelor degree in Information Technology, Information Security, Business or Risk Management (or equivalent professional qualification)
- Business analysis skills - ability to understand requirements and delivering these requirements in the context of tool implementation
- Industry certifications (e.g. CISA, CRISK, COBIT) or willingness to obtain the same
- Good stakeholder management skills
- Good level of English is essential
- Multilingual capability is a plus (French is preferred, other language is a plus)
- 4+ experience specifically in technology risk assessments
- Good knowledge of ICT risks, IT Control, Information Security, Business Continuity, IT operations and IT Audit and assessment methodologies and concepts
- Experience working with ICT risks, business continuity, IT Management and operations, IT risk and IT audit teams
- Ability to articulate risk management concepts in business language
- Proficient with Microsoft Office Suite
- Prior experience documenting tool requirements to support risk management
- Ability to travel to BNP Paribas and vendor sites, and perform assessments as necessary
- Industry certifications (e.g. CISA, CRISK, COBIT) or willingness to obtain the same

**PRIMARY LOCATION**

**ES-MD-Madrid**

**JOB TYPE**

**Standard / Permanent**

**JOB**

**INFORMATION TECHNOLOGY**

**EXPERIENCE LEVEL**

**At least 7 years**

**SCHEDULE**

**Full-time**

**REFERENCE**

**BNP-000797**

**APPLY**

***
- (REF: BNP-000797)