Job description
Execute IT and security risk assessments in IT and business, scoping projects or legacy assets (applications, business solutions, third-party organizations, processes…). Maintain identified risks in the risk registry database.
Ensure that information security and IT requirements are included in third-party contracts.
Execute the information security and IT control plans on third parties to ensure that they are performing in accordance with the contract.
Coordinate and perform IT and security audits on third parties.
Set up processes and procedures for end-to-end IT and security management for third parties.
Deliver consulting on risk management to internal customers (IT and Business).
Report risks and overall risk posture regarding third parties to Information Security, IT or Business Management.
Contribute to the definition and improvement of risk management methods and tools supporting those activities (risk identification guide, risk evaluation matrix, industrialization of risk monitoring and reporting framework and deliverables), taking into account your field experience as well as best practices coming from the BNP Paribas Group or other sources like regulators, Basel II, CobIT, ISO27000/31000 ...
Education
Bachelor/Master or equivalent by experience
Required Experience
At least 3+ years of relevant experience in IT Risk Management.
Technical Experience
Mandatory
Preferable
Security certifications like CISSP, CISM, CIPP, CCSK
Professional experience in Financial Services; used to working in large companies.
Experience in process design and improvement
Experience in Third-party IT and security assessments
Experience in Data protection, Business continuity, Access management
Experience in delivering presentations and training
Business Experience
Mandatory
Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.)
Strong IT background.
Preferable
Skills to be considered as an asset during the selection process
Soft Skills
• Good autonomy, personal effectiveness
• Good verbal and listening communication (ability to ask questions, understand the viewpoints of others)
• Ability to analyze situations & capacity to synthesize