Cloud Security Risk Lead Assessor

The RISK ORM (Operational Risk Management) Technology Risk Intelligence Digital Solutions department is part of the Group Risk Functions within BNP Paribas. It is a part of the 2nd line of defence under the Bank’s Enterprise Risk Management and Chief Operational Risk Officer. The department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions. Our work involves following initiatives, for example:

- Application & Infrastructure Risk Assessments working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks
- Tracking issues and agreed actions to completion
- Horizontal and Vertical Risk Assessments
- Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.

**ROLE**

This role is in alignment with 2LoD involvement required on BNP Paribas dedicated hybrid Cloud that is core of Cloud Strategy. The scope of the role involves coordinate, oversight and advice:

- BNP Paribas Group dedicated hybrid Cloud Program, Cloud adoption and operations with periodic and event based risk reporting to management and risk committees in alignment with IT Group Cloud Program & team, Group CISO & team, IT Group Production & teams and Cloud Service Provider teams.
- Community building, collaboration and partnering as dedicated hybrid Cloud security expert with RISK ORM and cross functional stakeholders on policies, procedures, control requirements, poles and entities dedicated hybrid Cloud adoption, Operational resilience, crisis management, data centre and telecom plan, Cloud security operations, third party technology risk management, emerging technology, pole and entities IT strategy & strategic programs, etc.

The position is based in Madrid reporting directly to the Global RISK ORM Iberian Centre of Excellence and functionally to RISK ORM Technology Risk Intelligence Digital lead located in London.

**SCOPE**

KEY RESPONSIBILITIES
- Coordinate, oversight and advice RISK ORM contribution and oversight on BNP Paribas Group dedicated hybrid Cloud Program, Cloud adoption and operations with periodic and event based risk reporting to management and risk committees in alignment with IT Group Cloud Program, Group CISO, IT Group Production teams, Cloud service providers, etc.
- Participate in multiple Group Cloud program and operations governance committees for dedicated hybrid Cloud with IT Group Cloud Program, Group CISO, IT Group Production teams, Cloud service provider, etc. covering topics of Cloud strategy, Cloud security & ICT (Information and Communications Technology) risks, Cloud adoption, operational security, remediation actions, etc.
- Periodic (weekly, monthly, quarterly, half yearly, annual) and need or event based risk reporting to management and group risk committees on dedicated hybrid Cloud services adoption status and plan, risks, issues, Cloud security maturity, remediation actions, etc.
- Define minimum baseline dedicated hybrid Cloud security controls in collaboration with IT Group Production security teams, Cloud security experts, Operational risk officers, ICT risk officers, etc.
- Define process and workflow to automate monitoring and reporting of compliance to minimum baseline dedicated hybrid Cloud security controls on Cloud security posture management solutions in collaboration with IT Group Production teams, Cloud service provider, ICT risk officers, operational risk officers, etc.
- Identify and update risk reporting methods using automated solutions, leveraging existing or new solutions of Governance, Risk and Compliance (GRC) tools for dedicated hybrid Cloud services asset register, risk register, remediation tracking, etc. Cloud Security Posture Management solutions, operational risk management solutions, IT service management solutions, reporting & dashboard solutions, etc.
- Promote and manage the Cloud community building, collaboration and partnering as dedicated hybrid Cloud security expert with operational Risk stakeholders and cross functional teams on policies, procedures, control requirements, poles and entities dedicated hybrid Cloud adoption, operational resilience, crisis management, Cloud security operations, data centre and telecom plan, third party technology risk management, emerging technology, pole and entities IT strategy & strategic programs, etc.
- Lead and liaise with third party risk management teams periodically (weekly / monthly / quarterly) and on need or event based for Contract committees, security committees with Cloud providers and Independent Software vendors (ISVs), 3rd parties management committees and reporting to management on Cloud provider risks, 3rd parties, ISVs risks, issues, remediation actions, etc.
- Lead and liaise with Operational risk and ICT risk of