Position Purpose Operating entities organize their Operational Risk Management and their Permanent Control framework on a risk-based approach. The intensity of the framework and its governance should be commensurate to the materiality of the entity and its operational risk exposure.
To achieve this, designated IT Operational Permanent Controllers manage all the IT Operational Risks and Permanent Controls under the authority of the Head of the Operating Entity.
The OPC also coordinates the entitys Operational and Permanent Control framework related to all operational risks front-to-back and end-to-end, to ensure compliance with internal policies, procedures and guidelines as well as external regulatory and supervisory requirements.
The role is to provide both the Onshore IT Business Units and Onshore IT Management with the assurance and visibility that IT Controls are executed in a controlled and managed way. In addition to the specific responsibilities detailed below, the successful candidate will be expected to demonstrate understanding in other areas of Risk & Control Management including strategies surrounding Process Engineering, Configuration Management, Change, Incident & Problem Management, Non-Conformities and Corrective Actions Management, Risk Identification and Control, Project Management and Tools and Methods.
Responsibilities
Direct Responsibilities
Overall responsibility for the Risk and Control function for the assigned IT Business Units
Identification and assessment of IT risks and IT controls as per group guidelines
Define and regularly update the entitys IT control plan according to the outcome of the risk assessment, regulations, and other risk events.
Identify control gaps and propose solutions and ensure control gaps are adequately addressed
Identify system/ control deficiencies and propose solutions to strengthen the control environment
Monitor controls are performed as per the defined control plan
Ensure timely and comprehensive contribution to Risk Governance committee meetings.
Follow-up and contribute to close recommendations/permanent control actions/incident remediation actions.
Ensure operational risk incidents are reported as per the BNP Paribas Incident reporting policy and implementation of corrective and preventive actions
Ensure appropriate training and awareness on Operational Risks are provided to employees.
Ensuring all key risks & control deviations reported to Senior management along with corrective action plan and Control Results updated accurately with all the deviations
Ensure that the Head of Department is properly informed, that issues are escalated in a timely manner and that sufficient information is provided to form appropriate judgments
Contributing Responsibilities
Mentor/Train junior staff members as and when required
Contribute to the upkeep and maintenance of the Permanent Control Framework.
Provide support and/or manage key transformation projects where needed, and take them to a successful conclusion
Active participation on adhoc tasks and/or projects as assigned by Management from time to time
Technical & Behavioral Competencies Undergraduate Degree in Computer Science or related field is required; Advanced Degree (MS) is desired. CRISC (Certified in Risk and Information Systems Controls) and/or CISA (Certified Information Systems Auditor) is preferred, or CISM (Certified Information Systems Manager) or CISSP (Certified information Systems Security Professional) will be helpful,
Minimum of Seven years recent experience in Information Technology audit, or as hands-on IT control tester in first or second lines of defense
Working knowledge of COBIT methodology and NIST framework; familiarity with US FFIEC IT Examination guidelines (e.g., Development and Acquisition IT Handbook) will be helpful, but not required
Strong background with principles and techniques of testing IT general controls, infrastructure controls, and application controls
Excellent communication skills (verbal, written), interpersonal skills, and interviewing skills
Strong risk and control awareness, and knowledge of risk assessment methodology
Motivated self-starter, exceptional analytical abilities, strong organization and teamwork skills
Experience working in large global financial services organization
Be able to demonstrate business tactical and strategic thinking, be innovative and creative with an ability to think outside of the box
Be comfortable discussing or reporting the results of IT control testing with the banks management
Hands-on IT Operations experience is a plus
Experience working in IT Development and/or IT Production setting
Ability to:
o Collect and analyze complex information
o Work under pressure
Good time management on complex and multiple tasks
Should be comfortable to work in NAR shift timings
Knowledge of Project Management methodology (e.g. PMP, Prince2) is a plus
Experience Level
: At least 7 years
