10 months ago
BNP Paribas Overview
BNP Paribas has a presence in 75 countries with more than 185,000 employees, including 145,000 in Europe. It ranks highly in its two core activities: Retail Banking & Services and Corporate & Institutional Banking.
At BNP Paribas, we work continuously on behalf of our clients, helping them to realize their projects around the world. You can be an important part of this, helping us to serve our clients both in mature and emerging markets, providing them with financial solutions across a diverse range of expertise, products and services. Our origins lie in Europe, but nearly a quarter of our employees now work in our multi-award-winning Asia Pacific offices and we are a committed player in all markets.
Strong risk management, combined with the stability that comes from being part of one of the largest banking groups in the world, underpin our success. Joining us, you’ll become an integral part of a dynamic team that spans nationalities, cultures and backgrounds, drawing together people from around the globe and reflecting our commitment to international placements.
The mission of RISK function is to provide Senior Management of the Group and of the Operating Divisions with full transparency and dynamic analysis of the risks and clients managed by the various operating divisions: Corporate and Institutional Banking (CIB) , Retail banking, Investment Solutions (IS).
The scope of the RISK function within CIB in London is:
* Market and Liquidity risks: covering the CIB capital markets activities, ALM Treasury as well as the IS Business Units,
* Counterparty risks: covering all counterparty risks arising from derivative and repo transactions,
* Credit risks: credit analysis and approval for Financial Institutions Sovereigns, Wealth Management clients and other IS private clients,
* Insurance risks: risks generated by Insurance activities,
The RISK function contributes to the definition of the Group’s risk appetite, its risk decision making process and the optimisation of capital allocation to support the development of the Operating Divisions.
The RISK Systems team is part of RISK RAM (Risk Analytics and Modelling), whose mission includes providing the bank with a comprehensive capital markets risk system used to calculate market and counterparty risk capital figures using advanced methods and to support the needs of users for risk analysis, risk reporting and the credit process.
The position is an Application and Security Architect within RISK Systems, based in London, working under the direction of, and reporting to, David Harper, Head of IT Strategy & Governance.
The role is suitable for someone who has several years’ experience as a professional software engineer, has been involved in defining solution architectures, has an interest in application security, and is looking to move into a more senior design and validation role. The role does not require any software development.
The role is also suitable for an architect in a large team who wants to take on more responsibility.
The successful candidate will have responsibilities within the following areas:
* Enterprise Architecture, working in close co-operation with the RISK Systems management team
* Functional Architecture, working in close co-operation with the RISK Systems BA and Development teams
* Technical Architecture and Integration, working in close co-operation with the RISK Systems Development and Production Support team
* Application and Project Security, working in close co-operations with the RISK Systems BA, Development, Production Support and Business Operations teams
The candidate will also be expected to liaise with architects in both CIB and RISK COO as well as with project teams throughout the organisation.
* Prepare the quarterly Architecture IT Governance committee, present status, take minutes and track actions
* Prepare the IT Validation, contribute to the architecture opinion, take minutes and track actions
* Track and report architecture KPIs for regular IT dashboards
* Contribute to updates of the IT Master plan and related referentials
* Contribute to updates of the architecture policies, procedures, governance framework and waivers
* Ensure Enterprise Architecture fundamentals (principles, rules and processes) are applied
* Ensure consistency among the evolutions of all elements of a given IS (Architecture “health”)
* Ensure opportunities for synergies are identified
* Within the IT Master plan:
* Maintain the functional architecture
* Maintain the information and data strategy, including target data model
* Represent functional architecture in the IT Validation
Technical Architecture and Integration
* Within the IT Master plan:
* Maintain the technical architecture
* Maintain a technology roadmap aligned with technology standards
* Maintain an application and process technology usage cartography
* Monitor and manage technology choice, obsolescence and alignment
* Support the POC and integration of new technologies and frameworks
* Represent technical architecture in the IT Validation
Application & Project Security
* Prepare Application and Project Security inputs to the quarterly IT Risk and Cyber Security Committee.
* Ensure strategy & governance obligations are met including Policies, Procedures, KPI Steerings, and waivers
* Maintain the Group Security Form (GSF) for applications
* Organise security testing for applications and platforms
* Penetration testing
* Vulnerability scanning
* Security acceptance testing
* Maintain an inventory of security tools and libraries, including software packages and third party hosting
* Monitor the security of third party libraries, platforms and hosting used by applications
* Within the group Secure Development Process, perform the Application Security role in projects:
* Provide expertize on secure development as well as the security of languages and development frameworks.
* Provide advice to solution architects for application security related issues
* Verify the completion of security activities within the application development lifecycle
* Ensure application security norms and standards are respected by the development project
* Give an opinion at the Architecture, Design and Transition Gates regarding the ability of the proposed or completed solution to address the identified security risks.
* Collaborate with solution architecture and development team managers to promote a secure application development and code review culture.
* Represent Application Security in the IT Validation
Additionally the role will support other IT Strategy & Governance activities as directed by the Head of IT Governance and Strategy.
Skills & Experience Required:
· Mandatory practical demonstrable experience of applying functional, application and data modelling techniques, such as UML or similar, to describe business and application architectures, optionally also infrastructure architectures
· Mandatory experience of professional software development, including secure development lifecycles and ”DevOps”
· Mandatory knowledge of financial markets, optional knowledge of market and counterparty risk management including related regulatory requirements such as Basel III, BCBS-239
· Optional knowledge of the BNPP EAGLE Enterprise Architecture methodology or an industry equivalent such as TOGAF
· Optional a certification in a relevant IS Security field
Where the candidate lacks necessary training in Enterprise Architecture, Architecture Validation or Secure Development, the candidate will be supported to take appropriate internal training.
The successful candidate is expected to be:
· Forward thinking skilled individual
· Delivery-focused with a good eye for detail
· Structured, organised and a good communicator
· Able to work closely with IT teams.
· Willing to share knowledge and skills
· Whilst able to work independently, should be a true team player
* Be a role model, supporting and fostering a culture of good conduct
* Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
* Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.
Please note that all applicants must disclose whether that they possess the right to work in the U.K. as per the Immigration, Asylum, and Nationality Act of 2006.