Operational Risk Officer - Technology Expert

About Business line/Function:

RISK Operational Risk Management (RISK ORM) CIB belongs to the second line of defence of BNP Paribas Corporate and Institutional Bank (CIB). RISK ORM CIB belongs to the Risk Function (RISK) of BNP Paribas (RISK) and is placed under the responsibility of the Chief Operational Risk Officer (CORO) for CIB.

The department has responsibility for independently challenging and supervising the Operational Risk management of CIB activities (Global Banking, Global Markets, Securities Services, Operations and Functions) on a worldwide scope. In the territories that CIB operates, there is responsibility to cover the Assets Liability Management and Treasury (ALM-T) operations too. All of the above is achieved through framing operational risk methodology for CIB and disseminating of risk management culture across CIB; assessing the adequacy of the CIB operational risk management set-up; controlling effectiveness of CIB control environment; contributing to the detection, anticipation and response to risks; alerting CIB and RISK stakeholders on any significant risk issue; providing a consolidated view on CIB operational risks profile.

As the second line of defence for Information and Communications Technology (ICT) risks, RISK ORM has the responsibility for oversight and supervision on ICT risks for CIB, ensuring and opining that appropriate ICT risk management efforts are underway and raise any alerts in case of issues to the stability of the Bank and influencing business, functions, and technology partners to take sound risk management decisions

Purpose: The ICT risks including, but not limited to, Information Security, ICT Availability and Continuity risks, ICT Change risks, ICT asset management, ICT resilience and ICT outsourcing are a key topic for losses, reputational impact, and systemic operational risk for financial services. This role exists to support the supervision and oversight of the management of such risks. Specifically, the role will be involved in independent control through Level 2 Controls and quality review of the ICT incidents.

Scope

Responsibilities

The candidate will be responsible for operating independently and supporting the the RISK ORM CIB Technology and Transversal Risks team in its mission of ensuring the correct implementation of BNP Paribas permanent control framework.

Such support activity by this role includes

1. Following-up on the exceptions to the global normative framework for ICT risk management, including following-up on exceptions to any ICT procedures and any ICT Risk acceptance or mitigation on the normative framework (controls, procedures and other IT activities).

2. Supporting the control on ICT outsourcing risk management through opining on the risk assessments of ICT arrangements, their exit strategies, any notifications to authorities and ensuring data collection and inventory of data pertaining to the specific arrangement in CIB and Group inventories.

3. Performance of second level of controls (L2Cs) and other analyses aiming to ensure the appropriate design and effectiveness of the ICT control framework implemented by 1LoD, identification of areas for improvement and any recommendations for improvement.

4. Following up on the actions raised by RISK ORM CIB teams for ICT, recommendations from internal audit (Inspection General) and any other supervisory and regulatory bodies.

5. Checking and challenging and quality review the ICT incidents collection, reporting and management processes and their follow through during such incidents.

6. Checking and challenging the ICT indicators related to risk appetite of CIB and entities.

7. Support on the opinion provided on on change the bank (CTB) activities for ICT such as ITVCs, Proof of Concepts, Artificial Intelligence (AI) and Digital Assets projects and CSSI committees.

8. Production of reports, meeting decks and other deliverables in relation to the above points.

Assistance in promoting and driving awareness on ICT risks; to assist in organising risk meetings, forums and committees with community members across CIB

Successful candidate will have exposure to operating in risk management programs in global organizations, with robust knowledge of technology, risks, architectures, and related tools. Prior ICT continuity or ICT risk management experience (ICT, Cyber, resilience etc.) and exposure to the Financial Services industry is a must. Experience with Governance, Risk and Compliance (GRC) tools and other risk management information systems is preferred.

The individual will assist in the preparation / contribution to the development of independent testing controls and support the wider RISK ORM community globally in defining better maturity models for independent testing. Excellent presentation skills are necessary. Experience interacting with regulatory agencies is a plus

• Good knowledge of Business Continuity, ICT Continuity and Audit methodology and concepts.
• Understanding of the banking industry's regulatory requirements on ICT (e.g., NIST Cyber Security Framework, ISO27001, EBA Guidelines on ICT and security risk management etc.)
• Ability to articulate risk management concepts in business language
• Excellent written and verbal communication skills
• Proficient with Microsoft Office Suite
• Prior experience documenting tool requirements to support risk management
• Ability to travel to vendor sites and perform assessments as necessary
• Proven ability to manage issues through to resolution; skilled at making judgment calls.
• Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times
• Industry certifications (e.g. CISA, CISM, CRISC) or willingness to obtain the same
• Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework.
• Multilingual capability (English and French) is preferred

Conduct:

• Be a role model, supporting and fostering a culture of good conduct.
• Demonstrate proactivity, transparency, and accountability for identifying and managing conduct risks.
• Consider the implications of your actions on colleagues, partners, and clients before making decisions, and escalate issues to your manager when unsure.

Specific requirements:

• Suitable experience (5+ preferred) in ICT audit, ICT risk management or ICT continuity.
• Bachelors degree in information technology, Information Security, Business or Risk Management (or equivalent professional qualification).
• Team player focus on the success of the whole team. Working well both with others, as well as individually.
• Excellent stakeholder management skills.
• Experience in a 2LoD, Risk function, operations or an ICT Audit role.
• Good listening and analytical skills being able to come to a thoughtful and business focused conclusion quickly.
• Ability to co-operate and work well with others adopting an approachable style
• Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits.
• Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
• Adapting personal approach to suit situations, individuals, groups and cultures.
• Taking accountability for their actions and be open and honest when things have gone wrong, and celebrating successes when things have gone well.
• Being rigorous and thorough especially when logging and tracking issues through to conclusion.
• Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management.
• Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
• Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate.

Skills Referential

BehaviouralSkills:

• Ability to collaborate / Teamwork
• Attention to detail / rigor
• Client focused
• Creativity & Innovation / Problem solving

Transversal Skills:

• Ability to develop others & improve their skills
• Analytical Ability
• Ability to understand, explain and support change
• Ability to develop and adapt a process
• Ability to manage / facilitate a meeting, seminar, committee, training