IT Risk Analyst
Business Overview:

In order to contribute to the durability of the Bank's activities and regulatory compliance duties, IT Risk Management is responsible for ensuring that territory IT risks are properly managed and reported in accordance with Intermediate Holding Company (IHC) regulatory requirements as well as Group, Global and Local IT policies and procedures.

IT Risk Management responsibilities for North America entail utilizing the framework defined by Group IT Governance of BNP Paribas as well as the Group IT Risk Management framework; working with Information Security, Information Technology team members and overall IT management to develop sustainable Information Security and Information Technology processes and controls; conducting internal process and control assessments; and reporting and acting as a liaison for External Audit and Regulatory Examination interactions.

The missions of the IT Risk Specialist are to ensure, within his/her entity in charge of IT activity (which encompasses IT governance, IT development, IT production, Business continuity, Security and Access Rights), the realization of IT Risk and Controls, including the measurement and management of all IT risk categories linked to ICT (Information and Communication Technologies) in declination of the framework defined by Group IT Governance of BNP Paribas, as well as the deployment and coverage of the Group IT Risk Management framework.

Responsibilities:

As per the BNP Paribas internal control charter, operating entities, and first and foremost their managers, are accountable for the risks they are exposed to given the businesses or services they run or deliver. In this respect, and in full compliance with regulations applicable at Group level and at their own level, and with the Group's norms and requirements, operating entities should:

- Identify and assess the Information Security and Information Technology risks they are exposed to and the corresponding risk monitoring and mitigation framework (segregation of duties, controls, incident management, action plans).
- Ensure the continuous implementation and adaptation of this framework and of any actions for improvement that may be required.
- Ensure proper awareness of risks and training on the Group IT Governance and Group IT Risk Management framework.
- Develop proper risk monitoring tools.
- Ensure transparent monitoring information is provided to:
  - their reporting lines, either hierarchical or functional,
  - the independent control functions,
  - the deliberating bodies (Board or equivalent),
  - the supervisors.

The IT Risk Specialist has to ensure, in coordination with different stakeholders [Risk, IT Risk Management Group, Metier/Functions Operations Permanent Control (OPC), CIB Anti-Fraud, Compliance, Regulatory Affairs, Supervisory Relations]:

- The implementation of an efficient IT Risk Management framework within his entity in charge of IT activity, whose components are declined from the Level 2 procedure 'Risk / IT Risk Measurement and Management - Risk / IT Missions and Responsibilities' and from the Level 2 procedure 'Oversight of Risk / IT Organization and Governance'.
- The operational management of IT risk by assessing and appropriately treating the risks.
- Maintenance of new policies and procedures.
- Ensuring the existence of the appropriate IT organization structure in incident and control systems.
- The follow-up (and production of regular reporting) of Metier/Region IT recommendation implementation (e.g. Internal auditors/Regulator/External/Permanent Control actions/Independent consultant), including reminders to the implementation manager and escalation at Metier/Region level in order to meet Group objectives.
- Investigate and record Historical and Potential IT Incidents: ensure the proper collection and analysis of historical IT incidents and the validation of Metier/Region IT incidents before input into the dedicated Group system, based on CIB standardized criteria.
- Contribute to the definition and follow-up of associated action plans in addition to regular reporting.
- Coordinate the bi-annual input of the CIB standard IT OPC control plan results and the main points of attention related to the IT activity processes for the Function/Metier/Region in a Permanent Control report.
- Centralize and consolidate all information related to IT domains, including those that are not directly under his direct responsibility. Validate the report with IT Metier/Region management.
- Identify Metier/Region IT risks and perform the follow-up of those IT risks in CIB Archer; ensure the analysis and evaluation of the underlying risks (via the mapping and analysis of historical incidents that have an IT cause). Evaluate the IT risk by assessing and appropriately treating the risks.
- Contribute to the quantification of IT Metier/Region potential incidents (for AMA entities).
- Coordinate all IT permanent control actions for the Metier/Region to ensure a complete and efficient IT Risk Management Framework.
- Act on behalf of management to ensure on-going deployment and maintenance of the controls. This includes providing management with status reporting and escalations when needed.
- Develop sustainable processes and controls, as required for Information Security, Information Technology and Governance.
- Coordinate with IT Risk Managers, team members, local management and Global CIB where needed, to provide reasonable assurance that the security program and IT Governance processes and controls are properly implemented and corrective actions are taken where needed.
- Coordinate with all IT team managers and drive process development, control identification and implementation and other improvement initiatives, including facilitation of RCSAs (Risk and Control Self-Assessments).
- Coordinate and lead the deployment of the mandatory procedures in the BNP Paribas Group IT Governance Framework and report to management on status/progress.
- Coordinate with Information Security and Information Technology team managers, Global CIB and the Group Governance Coordinator where needed, to produce other applicable reporting, such as Control Plan Reports, Information Security Steering Committee dashboard reports, Global Security Indicator reports, Vulnerability Tracking reports, Monthly IT Production Control Status Reports and other applicable reporting requirements.
- Coordinate with the appropriate personnel to perform internal control assessments, report on the results of internal control assessments and coordinate any necessary follow-up action to address control weaknesses or opportunities for improvement.
- Liaise with the US Regulatory Affairs Team to identify IT procedure needs, assist with creation and maintenance, and coordinate IT responses to regulatory questionnaires.
- Liaise with NAR Métier OP, IT OPC Personnel and CIOs / CTO / CISO to coordinate escalations and follow-ups on IT risk remediation/mitigation actions as required.
- Contribute to the development and management of IT policies and procedures for the Intermediate Holding Company (IHC) as well as Group, Global and Local IT.
- Analyze CIB/IS North America IT Risks and interface with Bank of the West personnel to prepare Technology Risk Reports for IT Management.
- Policy Governance for Canada: review updated or new procedures for completeness and non-disclosure of PII data; maintain the Policy library to ensure documents are as per the required framework.

Qualifications:

- Bachelor's degree.
- Knowledge and experience with IT and/or Operational Risk.
- Minimum of 1 to 2 years of related experience in Information Technology Risk and Control, Information Technology, Governance of Information Technology, or a related field.
- Experience in developing processes, implementing controls, writing or working with information security and technology policies or procedures, and liaising with IT and Business personnel (at all levels).
- Familiarity with COBIT, ITIL, FFIEC, ISO/IEC 27001, ISO/IEC 9001, ISO/IEC 20000, SEC, SOX, GLBA, FINRA, Dodd-Frank and other related control frameworks or legislation and regulatory sources is a plus.
- Strong communication skills, both verbal and written; diligent, detail-oriented, proactive.
- Good organizational skills, project management and ability to manage multiple tasks simultaneously.
- Ability to work effectively, independently and within teams, to achieve management objectives.
- Proactive and eager to take on new tasks and challenges.
- Ability to identify and propose opportunities for process (and control) improvements.
- Ability to lead meetings and move discussions forward, and to carry out day-to-day operational work while thinking and planning both tactically and strategically.
- Ability to create executive-level reporting.
- Strong problem-solving and analytical skills.
- Demonstrates persistence, poise and perseverance, and is able to complete deliverables and accomplish goals and objectives under pressure and within set timelines.
- Proficient in MS Office (specifically Excel, PowerPoint, Word), Visio and SharePoint.
- Experience with the Archer system or a similar Governance, Risk and Compliance (GRC) Tool.

Minimum required qualifications:

- Bachelor's degree.
- Minimum of 1 to 2 years of related experience in IT Risk Management and Controls.
- Experience in managing processes, implementing controls and writing policies or procedures by liaising with IT and Business personnel.
- Strong communication skills, both verbal and written; diligent, detail-oriented, proactive.
- 1 to 2 years of project management experience.
- Strong problem-solving and analytical skills.

Preferred qualifications:

- Professional certifications: CRISC, ITIL-F.
- Familiarity with COBIT, ITIL, FFIEC, ISO/IEC 27001, ISO/IEC 9001, ISO/IEC 20000, SEC, SOX, GLBA, FINRA, Dodd-Frank and other related control frameworks or legislation and regulatory sources is a plus.