BNP Paribas Overview
BNP Paribas has a presence in 75 countries with more than 185,000 employees, including 145,000 in Europe. It ranks highly in its two core activities: Retail Banking & Services and Corporate & Institutional Banking (CIB).
BNP Paribas Corporate & Institutional Bank is a leading European investment bank with global leadership in many of our businesses. With nearly 20,000 employees in over 45 countries, CIB can offer you an exciting and truly global career.
At BNP Paribas CIB, we work continuously on behalf of our clients, helping them to realize their projects around the world. You can be an important part of this, helping us to serve our clients both in mature and emerging markets, providing them with financial solutions across a diverse range of expertise, products and services. Our origins lie in Europe, but nearly a quarter of our employees now work in our multi-award-winning Asia Pacific offices and we are a committed player in all markets.
Strong risk management, combined with the stability that comes from being part of one of the largest banking groups in the world, underpins our success. Joining us, you’ll become an integral part of a dynamic team that spans nationalities, cultures and backgrounds, drawing together people from around the globe and reflecting our commitment to international placements.
The Information and Communications Technology Risk department is part of the Group RISK Functions within BNP Paribas. It is a part of the 2nd line of defence under the Bank’s Chief Cyber & Technology Risk Officer. The department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions. This is achieved by delivering:
- Application & Infrastructure Risk Assessments: Working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks. Tracking issues and agreed actions to completion.
- Horizontal Risk Assessment: Assessing technology risks in relation to a particular theme or technology across the organisation. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.
- Vertical Risk Assessments: Assessing risks to a product, service, technology or infrastructure. For instance we may complete a vertical assessment on our remote working solution (including Infrastructure, applications, data, threats etc) or our Internet connectivity.
- Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.
The Emerging Technology and Governance team plays an integral role in the risk assessment of Group’s security posture and aids the decision making process for new products, services, technology or infrastructure. The Emerging Technology & Governance team is responsible for internal and external engagement with peer groups and information security circles regarding emerging risks and understanding the use of new innovative technology, to proactively assess and issue an independent risk perspective on cyber risks.
The role is responsible for implementing enterprise-wide ICT reviews of large transformation programs and projects across the Group, reporting to the Global Head of Emerging Technology and Governance, and collaborating with key stakeholders in Functional Architecture, Technical Architecture, IT Security and ICT RISK.
The ICT Project Reviews Risk Consultant will help to identify ICT risks within banking platforms and applications and make recommendations to improve the control posture of these systems. The individual needs a sharp intellect, an eye for detail, a high analytical capability and a good functional/technical background. Stakeholder management and understanding the business need will be a key element of this role. The individual is required to work autonomously, using sound judgment to decide which risk categories to pursue and prioritize workload accordingly. An interest in banking technologies, emerging technologies, cyber security and current affairs is essential.
A significant proportion of this role involves conducting ICT risk reviews for large-scale transformational projects and programs, focusing on the banking technologies and communicating the findings back to senior stakeholders, specifically:
- Reviewing and validating the appropriateness and completeness of functional and non-functional requirements to ensure these are aligned to ICT risk and cyber security requirements
- Challenging functional and non-functional requirements, solution architecture design and security architecture, focusing on the contextual, conceptual, logical and physical views of the architecture
- Contributing to the decision-making of strategic technology choices for key functional and non-functional capabilities
- Review and challenge new emerging technologies and agile processes applied in projects to identify and address ICT risks
- Challenging the selection process and the appropriateness of the chosen system for solutions sourced either internally or externally
- Review entity developed IT roadmaps to ensure alignment to the Group IT strategy and ensure that existing and future ICT risks related to the IT environment have been considered
- Working alongside Group & Entity security, technical and functional architects to provide guidance to projects and programs and supporting the delivery of banking solutions that conform to both BNP Paribas and industry best practices
- Provide cyber security and ICT risk control recommendations for security architectural designs for the Bank’s systems and applications and cyber security platforms
- Represent RISK ORC ICT for projects at reference architecture boards and project committees
Financial services or consulting industry experience is a must.
- Fundamental experience of reviewing and / or implementing large and complex cyber security platforms and technologies for banking systems
- Fundamental experience of analysing and implementing solutions to meet both functional and non-functional requirements
- Detailed working knowledge of the systems, interfaces, data and infrastructure of banking systems and the underlying technologies used to implement the components.
- The ability to communicate effectively with business and IT stakeholders at varying levels of seniority, with particular emphasis on solution architectures
- Able to bring extensive knowledge of architectural patterns, technology components, vendor solutions and emerging technology trends
- Sound understanding of digital trends and challenges across the Banking & Financial Services industry, gained through project experience, publication of thought leadership, articles
- Technically credible in cyber security platforms, banking technologies and enterprise banking platforms with experience in areas of Service Orientated architecture, API driven micro-services and mobile stack development technologies
- Experience with applicable risk & control frameworks and regulatory/legislative compliance mandates relating to the financial industry
- Demonstrated ability to integrate various security & data protection technologies and controls into a cohesive architecture that sufficiently mitigates risk to the enterprise.
- Thorough understanding of the security controls (for example but not limited to encryption, network security, identity & access management, logging & monitoring) provided in common platforms and applications including, but not limited to: Unix, Linux, Windows, Android, iOS, Oracle, MS SQL Server, Microsoft Outlook, J2EE and .NET applications, etc.
- Familiarity with hosted and cloud services and control approaches. Knowledge of Cloud solution platforms and cloud security is preferred.
- Working knowledge of architectural frameworks such as the TOGAF standard
- A professional qualification relevant to Information Security such as CISSP, CISM, CRISC, CEH or Security+. Bachelor Degree / Masters in Information Systems, Computer Science, Computer Engineering or equivalent experience
Soft Skills Required:
- Experience in managing a large team successfully, providing coaching, opportunities for progression and enhancing utilization to maximize performance
- Excellent stakeholder management skills
- Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate
- Adapting personal approach to suit situations, individuals, groups and cultures, and being flexible in relation to getting the job done
Location: London / Salary: Competitive / Closing date for applications is: 17/07/2018