IT Auditor

GROUP BNP PARIBAS

BNP Paribas Group is the top bank in the European Union and a major international banking establishment. It has close to 185,000 employees in 65 countries. In Spain we are more than 5,100 employees within 13 business lines.

CIB

BNP Paribas Corporate & Institutional Banking provides large companies, multinationals and financial institutions with various solutions in the areas of advisory, financing, transactional banking, capital markets, settlement, clearing and custody of securities, asset and fund management services and solutions for corporate issuers. It has 620 professionals in Spain with offices in Madrid, Barcelona, Bilbao and Coruña. The entity has a network present in 56 countries.

ABOUT THE JOB

MISSION

The Inspection Générale (IG) is the internal audit function of the group. It carries out audits on all the activities of the Group in France and worldwide, relying either on generalists or specialists auditors, either through central or local teams.

The Iberian Peninsula IG Hub is a team of auditors covering BNP Paribas Group entities operating in Spain and in Portugal, countries where BNP Paribas develops both domestic business activities and large outsourced service centers. The hub intends to develop a practice for auditing IT activities operated in the Iberian Peninsula and from time to time, for supporting other IT audits over the EMEA region.

In this respect, the Iberian Peninsula IG Hub looks for an IT Auditor with a strong IT knowledge and experience in order to participate to IT audit assignments. Knowledge in the fields of Cybersecurity and IT Audit will represent an additional advantage.

The IT Auditor will report directly to the Head of IT Assignment and will be functionally part of the worldwide IT Audit Line.

RESPONSIBILITIES

1-Participate in the audit team assignments and special reviews (when required by regulators, business lines, or senior management):

• Contribute to the planning and preparation of the assignment e.g. understanding the methodology to be applied, acquiring a deep knowledge of the activities to be covered, understanding the detailed technologies, gathering relevant key figures, etc.
• Develop a thorough understanding of the activities within the scope of the assignment, its strategy and governance, and the related risks.
• Evaluate the overall setup and identify the main areas of risk (including a comprehensive assessment of the management actions).
• Execute detailed investigations leveraging on a strong technical knowledge in various IT systems (Databases, Operating systems Linux/Windows, Cybersecurity/Network security, Virtualization, containerization, Cloud Computing and related risks).
• Leverage on adequate programming languages and scripting to perform efficient investigations by automating analysis.
• Ensure the adequate learning and understanding of the standard IT solutions used in the IT infrastructure and production, Cybersecurity management in order to analyze adequately their configuration and be able to identify and raise potential risks.
• Recommend appropriate actions to the management in order to remediate the identified weaknesses.
• Formalize the results of the assignment investigations and contribute to the production of the assignment deliverables.
• Present the conclusions of the assignment fieldwork to the senior management.

2-Review the implementation of the Inspection Générale IT recommendations:

• Review and challenge the actions defined to remediate the weaknesses identified by the audit team through its assignments.
• Ensure the adequacy of the answers to address permanently the gaps following accurately the recommended actions.
• Perform relevant control testing to ensure the proper implementation of the actions.

3-Contribute to the periodic risk assessment of IT activities and planning:

• Perform a periodic and comprehensive risk assessment of the IT activities as per the Group guidelines.
• Keep abreast of change/new development of regulatory requirements that are relevant to IT activities and related functions.
• Assist in the elaboration of the IT audit planning following a risk-based approach.
• Contributing Responsibilities
• Contribute to the improvement of the Inspection Générale practices through the elaboration and update of our methodologies.

REQUIREMENTS

1-Studies

• Possess a Bachelor's / Master's Degree in Information Technology/ Management Information System / Computer Science and related discipline;
• Professional Qualification/Certificate in Audit, e.g. CISA, CISSP, CISM, CCSP is a plus.

2-Experience

• Not less than 3 years of experience in external auditing / internal auditing / IT / risk / compliance / internal control / operations in the financial services industry.

3-Languages

• English (fluent)
• Spanish (sufficient level or one to be necessarily acquired)
• French or Portuguese (if possible).

SKILLS

1-Technical

• IT Audit practices.
• Strong technical background in IT activities notably IT Development and Maintenance, IT Security and namely Cybersecurity, and IT Continuity.

2-Transversal & Behavioral

• Analytical skills.
• Ability to synthetize and present things in a way understandable to non-IT readers.
• Ability to promote a constructive, cooperative teamwork environment.

BENEFITS

• Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
• Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
• Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
• Flexible compensation plan.
• Hybrid telecommuting model (50%).
• 32 vacation days.

Diversity and inclusion commitment

BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.