Vice President –Technology Risk Manager (ICT Information Security and Information Technology)
Amsterdam (Montgomery) Accounting / Management control
Job description
About BNP Paribas:
BNP Paribas is a leading bank in Europe with an international reach. It has a presence in 74 countries, with more than 192,000 employees, including more than 146,000 in Europe. The Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is the leader in consumer lending. BNP Paribas is rolling out its integrated retail-banking model in Mediterranean countries, in Turkey, in Eastern Europe and a large network in the western part of the United States. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas also enjoys top positions in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific.
www.cib.bnpparibas.com
Business Overview:
The Intermediate Holding Company (“IHC”) program structured at the U.S. level across poles of activities of BNP Paribas provides guidance, supports the analysis, impact assessment and drives adjustments of the U.S. platform's operating model due to the drastic changes introduced by the Enhanced Prudential Standards (“EPS”) for Foreign Banking Organizations (“FBOs”) finalized by the Federal Reserve in February 2014, implementing Section 165 of U.S. Dodd-Frank Act.
Fully integrated in the BNP Paribas Group, BNP Paribas Corporate and Institutional Banking (CIB) is a leading provider of solutions to two client franchises: corporates and institutionals, and operates across EMEA (Europe Middle East Africa), APAC (Asia Pacific) and the Americas. The bank is a global leader in Debt Capital Markets and Derivatives. It is a top European house in Equity Capital Markets and it has leading franchises in Specialized Financing. In Securities Services, it is a top five House worldwide. BNP Paribas CIB strives to service the global economy by providing solutions to its clients in financing (ECM, DCM, specialized financing), flow banking (trade finance and cash management), financial advisory (M&A, project finance), global markets (interest rates, credit, foreign exchange, equity derivatives), risk management, and securities services.
Information and Communication Technology (ICT) is a strategic consideration for BNP Paribas. ICT risk is the chance or possibility of harm being caused to a business as a result of a loss of the confidentiality, integrity or availability of ICT assets. ICT risk management is the optimization of the information asset/control relationship in the context of a cost/benefit analysis and in alignment with the organization's overall risk appetite. Second line Risk Managers are responsible for the aggregate entity and group-wide ICT risks, and are granted independent authority to effectively test and challenge the first line's approach to ICT Risks.
Responsibilities:
The ICT/ Information Security and Information Technology Risk Manager (2LOD) within the BNP Paribas CIB ORC ICT Organization will provide oversight and guidance across both direct and indirect areas of responsibility for the CIB Americas set of operating entities. Key responsibilities include:
· Managing the execution and coordination of the Information Security and Information Technology risk functions related to the execution of framework components and sustainment of technology risk governance across the enterprise to include the oversight and monitoring of First Line of Defense (1LOD).
· Performing Second Line of Defense (2LOD) functions in support of the Information Security and/or Information Technology Risk; Technology Risk framework and articulate residual risk in various forms and formats. The Information Security and Information Technology - Technology Risk Manager is responsible to drive the use of empirical methodologies in order to improve decision making processes and help manage operational risk consistent with the Bank's Risk Tolerance and Risk Appetite.
· Responsible for performing risk management analysis of the Bank's essential Information Security and/or Information Technology Services and processes through the review of 1LOD assessment documentation, external audit reports, evidence of Information Security controls and overall effectiveness of Operational and Technical Controls to protect the Bank's assets.
· Work closely with 1LOD partners within the Information Security and/or Information Technology areas to further the ORC ICT Risk Management program.
· Partnering with federated 1LOD Information Security and/or Information Technology risk teams across the organization to provide directions and to ensure sound controls are implemented within the various business groups that provide enterprise Technology Risk program requirements.
· Providing leadership in the planning, development and implementation of Information Security and/or Information Technology risk from an ORC ICT - Technology Risk frameworks/measurement methodologies, policies, standards and procedures specific to the needs of the enterprise, which are aligned with the Bank's Operational Risk Program and risk appetite.
· Where appropriate, leading teams of Information Security and/or Information Technology Risk professionals in support of bank-wide operational risk goals and objectives to drive clarity as to potential areas of material ORC ICT risk.
· Analyzing and documenting various processes and products, existing or new, by working with the 1LOD risk teams to identify key processes and help assess the effectiveness of Key Controls within those processes.
· Working with management and staff in areas of the organization affected by technology changes practices to ensure understanding and implementation of Information Security and/or Information Technology risk policies, standards, and procedures.
· Collaborating with 1LOD risk teams to study and investigate Information Security and/or Information Technology risk issues/findings and identify and implement sound and effective solutions.
· Performing and/or analyzing periodic testing to determine effectiveness of adherence to the Bank's defined Information Security and/or Information Technology risk related requirements, internal policies and best practices.
· Performing oversight of governance for Information Security and Information Technology risk related across the organization to ensure ORC ICT risk is identified, assessed, quantified, appropriately mitigated and managed through the lifecycle of the product/service.
· This would be accomplished in a variety of means including, but not limited to, assessments of 1LOD risk programs, challenge/validation of assessments performed by 1LOD and challenge/validation of metrics
· Reviewing, analyzing and making recommendations to the design and implementation of the Information Security and/or Information Technology – ORC ICT Technology Risk Management Framework
· Working with key partners, draft reporting which includes metrics/KRIs, program status, Information Security and Information Technology risk profile(s), risk acceptances and other information in order to provide a holistic picture of Information Security and/or Information Technology Risks with OCR ICT Technology Risk
· Ongoing monitoring to ensure key program requirements are being met through analysis of metrics and data
· Performing industry best practice monitoring to identify incidents and risk trends
· Escalating issues to appropriate levels within organization
· Performing periodic/ad-hoc reviews/testing to determine if program is operating as designed
· Providing subject matter expertise related to program questions
· Providing input to Information Security and Information Technology risk related assessments
· Providing timely updates to address any Information Security and Information Technology risk issues
· Key liaison with corporate offices such as the Operational Risk Department, Security, Vendor, Compliance, Audit, Legal and HR as well as with other business units
· Promoting technology risk and operational risk awareness
· Developing new tools, defines requirements, identifies data sources, analyzes data and prepares reports as needed to effectively provide workable solutions or respond to requests for information from various internal and external sources
· Documenting appropriately within working papers to support conclusion of work effort completed
· Identifying enhancements for program tools to support and improve reporting
· Supporting quality assurance sampling and secondary reviews as required
· Reviewing, analyzing and making recommendations regarding the design and implementation of the operational risk management framework as applicable and required for technology risk
· Where appropriate, leading teams of Information Security and/or Information Technology Risk professionals in support of bank-wide operational risk goals and objectives to drive clarity as to potential areas of material ORC ICT risk.
· Staying current in technology specific operational risk management techniques, industry best practices, and regulatory requirements, as well as specific areas of Information Security and Information Technology risk.
· Performing other duties as assigned
Desired profile
Qualifications :
Minimum Required Qualifications
· 7+ years combined Information Technology, IT Risk Management, Information Security, and/or IT Audit experience
· 5+ years of Information Security and/or Information Technology experience
· Bachelor's degree
· 2+ years of executive level presentation material development experience
· 2+ years of IT Risk Management best practices: ISO/IEC31000, ISO27001 or ISO/IEC 20000
Preferred Qualifications:
· CRISC / CISA /CISM /CISSP
· Process/Quality Management discipline experience (Six Sigma, etc.)
· 5+ years' experience working in Technology Risk Management preferred
· 2+ years supervisory or managerial experience preferred
· Bachelor's degree in Information Technology, Information Security, or Cyber Security preferred
· Extensive knowledge of technology and banking products in an operating environment
· Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives.
· Proven leadership style that includes exceptional people skills, program management, business and technology expertise
· Excellent organizational skills, coupled with ability to be versatile and flexible
· Sound business judgment and the ability to work successfully with all levels of management
· Creativity and the ability to produce innovative solutions.
· Demonstrated ability to work independently and within a team
· Excellent PC skills (MS Word, PowerPoint, Publisher, Excel and VISIO)
FINRA Registrations Required:
Not Applicable
BNP Paribas is committed to providing a work environment that fosters diversity, inclusion, and equal employment opportunity without regard to race, color, gender, age, creed, sex, religion, national origin, disability (physical or mental), marital status, citizenship, ancestry, sexual orientation, gender identity and gender expression, or any other legally protected status.