BNP Paribas is a leading European bank with an international reach. It has a presence in 74 countries, with more than 192,000 employees – including more than 146,000 in Europe and over 4,000 in Portugal alone.
BNP Paribas has been present in Portugal since 1985, having been the first foreign bank to operate in the country. Today, BNP Paribas has several entities operating directly in this territory, offering a wide range of integrated financial solutions to support its clients and their businesses.
Worldwide, the Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance.
The Information and Communications Technology Risk department is part of the Group Risk Functions within BNP Paribas. It is part of the 2nd line of defence under the Bank’s Chief Cyber & Technology Risk Officer. Among other things, the department is responsible for identifying key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions.
This is achieved by delivering:
Application & Infrastructure Risk Assessments: Working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks; tracking issues and agreed actions to completion
Horizontal Risk Assessments: Assessing technology risks in relation to a particular theme or technology across the organization
Vertical Risk Assessments: Assessing risks to a product, service, technology or infrastructure. For instance, we may complete a vertical assessment on our remote working solution (including infrastructure, applications, data, threats etc.) or our Internet connectivity
Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions
Recurrent analysis of maturity of controls on all entities of the Group
ROLE AND RESPONSIBILITIES
Independent Technical Testing (ITT) is one of the activities of the Information and Communications Technology Risk department. The Lead Auditor will participate in internal assessments to identify Information and Communications Technology risks, including those linked to Cyber Security, with a BNP Paribas worldwide scope.
The Lead Auditor shall be an all-round specialist in Information and Communication Technologies, which include IT Processes, Governance, Architecture, Network, Systems, Application and Cyber Security related subjects.
The Lead Auditor shall play a lead role in the successful completion of assigned assessments from start to finish. The Lead Auditor shall be competent to strengthen team spirit, improve team skills on different ICT subjects and ensure the quality, relevance and traceability of all identified gaps.
In addition, the Lead Auditor will interact directly with customers at all levels of management, and be able to synthesize and popularize technical findings and identify risk. Your excellent interpersonal and verbal / written communication skills will help to ensure the good roll-out of assessments.
The Lead Auditor will also have the chance to help improve the assessment methodology and to develop the team tooling to improve the relevance of the findings.
Based on this, the Lead Auditor will be responsible for the following:
Provide independent advice and timely assurance to management on the adequacy and effectiveness of policies, processes, systems and controls
Contribute to the development and implementation of a comprehensive assessment methodology and the associated tooling to deliver consistent reports
Schedule and plan assessments with customers, auditors and team members
Interact with customers at all levels of management
Document and report results of investigations by ensuring the quality, relevance and traceability of the weaknesses identified
Ensure the on-time delivery of complete and accurate reports
Lead and oversee the life cycle of an assessment
Master's degree in ICT domains (or equivalent)
Minimum of 5 years' experience as an IT Auditor or ICT Lead Auditor
Good knowledge of ICT
Mastery of delivering formal deliverables such as PowerPoint presentations, reports or procedures
Industry-recognized information security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+
Mastery of concepts related to network infrastructures and information system security, including emerging threats and attack methodologies, namely: Network Security, Data Protection, Pen-Testing, Security Technologies, Cryptographic standards for encryption, UNIX, Linux, Android, Windows, IOS, Oracle, MS SQL, J2EE and .NET
Proactive problem solver
Solid communication and interpersonal skills
Fluent in English
Availability for training abroad
Please note that only applications submitted in English will be considered.
BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.