LEAD AUDITOR
BNP Paribas
Madrid, Community of Madrid, Spain
5 days ago

MISSION AND OBJECTIVES

The Information and Communications Technology (ICT) Risk department is part of the Group RISK ORC Functions within BNP Paribas.

It is a part of the 2nd Line Of Defence (2LOD) under the Bank’s Chief Cyber & Technology Risk Officer. Among others, the department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions.

This is achieved by delivering:

  • Application & Infrastructure Risk Assessments working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks.
  • Tracking issues and agreed actions to completion.

  • Horizontal Risk Assessments: Assessing technology risks in relation to a particular theme or technology across the organization. Examples could be assessments of the firewall change process, applications processing > $5m per day, applications hosted in the cloud, etc.

  • Vertical Risk Assessments: Assessing risks to a product, service, technology or infrastructure. For instance, we may complete a vertical assessment on our remote working solution (including infrastructure, applications, data, threats, etc.) or our Internet connectivity.

  • Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.
  • Recurrent analysis of maturity of controls on all entities of the Group.

Independent Technical Testing (ITT) is one of the activities of the Information and Communications Technology Risk department.

You will join this team and participate in internal assessments to identify Information and Communications Technologies risks, including those linked to Cyber Security, with a BNP Paribas worldwide scope.

MAIN RESPONSIBILITIES

The Assessor shall be an all-round specialist in Information and Communication Technologies, which include IT Processes, Governance, Architecture, Network, Systems, Application, Cyber Security and Continuity related subjects.

The assessor shall be competent to improve team skills on some ICT subjects and ensure the quality, relevance and traceability of all identified gaps.

As an assessor, you will interact directly with customers at all levels of management, and be able to synthesize and popularise technical findings and identify risk.

Your excellent interpersonal and verbal / written communication skills will help to ensure the good roll-out of assessments.

As part of the team, you will also have the chance to help to improve the assessment methodology and to develop the team tooling to improve the relevance of the findings.

  • Provide independent advice and timely assurance to management on the adequacy and effectiveness of policies, process, systems and controls.
  • Contribute to the development and implementation of a comprehensive assessment methodology and the tooling associated to deliver consistent reports.
  • Schedule and plan assessments with customers, assessors and team members.
  • Interact with customers at all levels of management.
  • Document and report results of investigation by ensuring the quality, relevance and traceability of the weaknesses identified.
  • Ensure the on-time delivery of complete and accurate reports.
  • Leading and overseeing the life cycle of an assessment.

TRAINING AND OCCUPATIONAL EXPERIENCE

  • Master Degree or equivalent in ICT domains.
  • 3+ as IT assessor.
  • Industry-recognized information security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
  • Mastery of delivering formal deliverables such as PowerPoint presentation, reports or procedures.
  • Demonstrated ability to communicate effectively and to present in a structured approach.
  • Mastery of MS Office skills.
  • Good knowledge of ICT subjects.
  • Demonstrated ability to communicate effectively with stakeholders and technical staff.
  • Excellent written and verbal communication.

SKILLS AND BEHAVIOURS

  • Role model, promotion of a culture of good conduct and contribution to maintaining such a culture
  • Proactivity, transparency and clear accountability for the determination and management of behavior risks
  • Consistently develop and leverage the teamwork between peers, management and stakeholders
  • Eye for details, ability to process high quantity of documents and correlate them
  • Be able to work under pressure in international environment
  • Highly organized, with a proven ability to manage a wide number of subjects at any given time.
  • Be an enthusiastic and committed team player
  • Understanding of the Agile audit approach
  • Prepared to travel internationally

ESSENTIAL SPECIFIC REQUIREMENTS

Mastery of concepts related to network infrastructures, information system security including emerging threats and attacks methodologies, for example:

  • Network security, network equipment configuration, network protocols, network standards, supervision, "Conceptual Skills," "Decision Making," "Informing Others," functional and technical expertise, reliability, information security policy.
  • Recognized skills for the integration of different security or data protection technologies within a coherent architecture to effectively cover the risks of the company.
  • Mastery of technical testing tools and script development
  • Experience of pen-testing (network, application, system...) will be a plus
  • Good technical understanding of security technologies, including intrusion detection / prevention, correlation of events, firewall, antivirus, anti-spam, policy tightening, patch management and configuration management, audit, security development technique, etc.
  • Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI).
  • Good understanding of native platforms or common applications such as (non-exhaustive list): UNIX, Linux, Windows, Android, IOS, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications, etc.
  • Knowledge of IT controls