ICT OPERATIONAL RISK OFFICER

ICT Operational Risk Officer

Location: BNP Paribas CIB, Integrated in the RISK ORM Global Iberian Centre of Excellence.

Your Main Activities

• Framework: Assist in the review, analysis and challenge of the ICT risk management framework, ensuring it aligns with RISK ORM guidelines. Validate exemptions to norms & standards and define ICT risk and control plans.
• Risk Identification & Assessment: Challenge and verify 1Lo
  D risk identification, ensure consistency of incident quantification, conduct independent ICT risk assessments (incident review, post‑mortem analysis) and validate closure of permanent control actions.
• Risk Decision & Treatment: Supervise the risk treatment process (acceptance, transfer, remediation) performed by BNP Paribas entities and departments; produce opinions on ICT risk exposure; oversee definition of risk mitigation action plans and implementation of recommendations.
• Control Testing: Conduct independent testing and challenge 1Lo
  D (IT and operations) controls; perform or oversee 2LOD tests/vulnerability scans when required.
• Risk Management Planning: Identify main ICT risk priorities, define the approach in line with the BNP Paribas framework, manage stakeholder relationships and ensure deliverables are completed.
• Risk Reporting, Monitoring & Alert: Support BNP Paribas Management and RISK stakeholders on incidents and crisis management (e. g. , security events, data leakage); raise critical points for risk management attention.
• Awareness / Training / Animation: Promote and drive awareness of ICT risks; assist in organising risk meetings, forums and committees with community members.

Profile and Skills

The successful candidate will have experience implementing risk management programs or working in an ICT assessment function within a reputable consultancy or global organisation. The role requires robust knowledge of technology, risks, architectures and related tools.

Prior ICT risk experience (IT, Cyber, Vendor Management, etc. ), exposure to the Financial Services industry, and familiarity with GRC tools or other risk‑management information systems are preferred.

Negotiation, conflict management and presentation skills are necessary. The individual will contribute to the development of BNP Paribas RISK ORM ICT independent testing controls and conduct risk and control self‑assessment re‑testing and validation.

Specific Requirements

• 4 years of experience specifically in technology risk assessments.
• Bachelor’s degree in information technology, information security, business or risk management (or equivalent).  
• Team player – focus on the success of the whole team; works well with others and individually.
• Excellent stakeholder management skills.
• Experience in a Technology Risk, Information Security or an ICT Assessment and audit role.
• Good listening and analytical skills – able to come to thoughtful, business‑focused conclusions quickly.
• Motivated to proactively collaborate, challenge and contribute to a highly qualified team of experts.
• Flexibility to travel and to work in a global context.
• Ability to cooperate and work well with others while adopting an approachable style.
• Ability to see the stakeholder perspective – understanding that the most secure solution is not always the most workable or realistic considering costs and benefits.
• Demonstrating a calm professional approach with an understanding of delivery within time constraints and the need to escalating/inform departmental management.
• Adapt personal approach to suit situations, individuals, groups and cultures and be flexible in getting the job done.
• Taking accountability for actions, being open and honest when things go wrong, and celebrating successes when things go well.
• Being rigorous and thorough, especially logging and tracking issues through to conclusion.
• Managing workload to meet realistic priorities and targets set in conjunction with management.
• Demonstrating a high level of commitment and self‑motivation, combined with enthusiasm and genuine interest in the role of Risk Assessment in business.
• Expressing views clearly and fluently, both orally and in writing – customizing communication to the audience and avoiding technical jargon where appropriate.
• Re‑thinking, promoting continuous improvement and presenting and implementing new solutions and approaches.

Competencies

• Good knowledge of ICT risks, IT control, information security, business continuity, IT operations and IT audit and assessment methodologies and concepts.
• Experience working with ICT risks, business continuity, IT management and operations, IT risk and IT audit teams.
• Ability to articulate risk management concepts in business language.
• Excellent written and verbal communication skills.
• Proficient with Microsoft Office Suite.
• Prior experience documenting tool requirements to support risk management.
• Proven ability to manage issues through to resolution; skilled at making judgement calls.
• Ability to multitask and complete difficult assignments within deadlines.
• Industry certifications (e. g. , CISA, CRISK, COBIT) or willingness to obtain the same.
• Works iteratively, delivering quickly and frequently to produce high‑quality documents and outputs with little to no rework.
• Multilingual capability (English essential, French preferred, other languages a plus).

Conduct

• Be a role model, supporting and fostering a culture of good conduct.
• Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks.
• Consider the implications of your actions on colleagues, partners and clients before making decisions, and elevate issues to your manager when unsure.

Equal Opportunity Employer

BNP Paribas is an equal‑opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity.