To contribute to the durability of the Bank’s activities and its regulatory compliance duties, IT Governance, Risk and Controls Management is responsible for ensuring that territory IT risks are properly managed and reported in accordance with regulatory requirements as well as Group, Global and Local IT policies and procedures.
IT Governance, Risk and Controls (GRC) management responsibilities for North America entail utilizing the framework defined by Group IT Governance of BNP Paribas as well as the Group IT Risk Management framework. IT GRC works with the Information Technology teams that support the following IT functions: Application Development and Support, IT Production (Infrastructure), Information / Cyber Security, Information Continuity, Business Continuity and Third-Party Risk Management. IT GRC leads the IT Governance, Risk and Controls Program and assists IT management in developing, maintaining and testing sustainable Information Technology and Information Security processes and controls. IT GRC facilitates process reviews, Risk and Control Self-Assessments, and IT Risk Identification and Controls Assessment; develops, distributes and presents Management reporting related to IT Governance, Risk and Controls; and acts as a liaison for External Audit and Regulatory Examination interactions.
MISSION AND OBJECTIVES
The mission of the IT Risk Analyst is to contribute to the continuous improvement of IT Governance, Risk and Controls around the IT infrastructure and business systems of CIB Americas. This includes the measurement and management of IT risk within the IT activities linked to ICT (Information and Communication Technologies), in application of the framework defined by Group IT Governance of BNP Paribas, as well as the deployment and coverage of the Group IT Risk Management framework.
•Coordinate with the appropriate personnel to perform internal controls assessments, report on the results of the internal control assessments and coordinate any necessary follow up actions to address control weaknesses or opportunities for improvement.
•Perform Controls Testing and Validation
•Conduct IT Governance, Risk and Controls related Awareness / Training sessions with IT Personnel as well as Team members
•Contribute to the development and management of IT policies and procedures, and other activities
•Assist with Management, Maintenance and Administration of the Team’s SharePoint sites
•Develop, Create, Distribute and Present Reporting data, obtain and incorporate updates
•Assist with the Project Management Activities related to the IT Governance, Risk and Controls team activities
•Monitor, Track and Follow-up on activities and initiatives
•Assist with coordination and communication of information provided by Group / Global IT or other Global / Local teams
•Assist with coordination and the Collection of information and ensure timely reporting and follow-up of open items
•Identify and Assess Information Security and Information Technology risks
•Maintain and distribute the assignment of controls amongst team members, assist with the coordination and training of new and existing team members
•Assist with maintaining standard operating procedures within the team
•Assist with the development of Executive Management level Reports, Dashboards, Status Reports and Meeting Minutes
•Participate in and conduct team and Management Meetings; capture and distribute meeting minutes
•Assist with the maintenance and updates to the Control Repository, and Risk Register.