In a changing world, unprecedented challenges require unmatched talent. Join one of Montreal's Top Employers in 2024. We are a dynamic and growing organization having its main establishment located in downtown Montreal and part of a leading international banking institution fully committed to building a more sustainable future. Note that the position may be in the Canadian Branch of BNP Paribas or in one of its subsidiaries based in Montreal. 

The position at a glance

The ICT (Information, Communication and Technology) risks including, but not limited to, Information Security, ICT Availability and Continuity risks, ICT Change risks, ICT Data integrity and ICT outsourcing are key topics for losses, reputational impact and systemic operational risk for financial services. This role exists to supervise and oversee independently the management of such risks. Specifically, the role will be involved in overall management of ICT risks including checking and challenging the risk assessments, action plans management, independent control through Level 2 Controls and quality review of the ICT incidents.

In detail

The candidate will be responsible for operating independently and working closely with the RISK ORM CIB Technology and Transversal Risks team in its mission of ensuring the correct implementation of BNP Paribas ICT permanent control framework in the CIB Americas region.

Responsibilities: 

• Establish himself / herself as the second line of defense subject matter expert for key stakeholders in matters related to Information Security and Cyber Risk Management for CIB Americas.
• Prepare information to enable the governance committees in their management oversight of ICT risks.
• Initiate timely escalations to the Head(s) of RISK ORM / ICT and Chief Risk Officer(s) where appropriate.
• Counsel business unit managers (e.g. Front Office) on risk management issues to ensure awareness and accountability for ICT risks.
• Collaborate with other 2LOD functions and teams across the Americas and Group on common priorities/projects (e.g. IHC-level processes, Group-level initiatives).
• Participate in evaluating new products/changes/projects and assessing the related ICT risks and impact to the organization’s risk profile e.g. in IT Validation Committees, Cloud Enablement Council etc.
• Manage, oversee or contribute to missions that are designed to evaluate ICT risk identification and effective and sustainable mitigation.
• Provide leadership and subject matter expertise during response to major cyber incidents and crisis events and assist coordinate 2LoD engagement and response of crisis managers.
• Analyze risk data from various sources (e.g. external events, control deficiencies, risk register) to identify and measure levels of risk, concentration, trends and patterns.
• Work with 1LOD and 2LOD to recommend strategies that effectively treat the risks within the risk appetite (e.g. controls improvement to mitigate an ICT risk).
• Perform check and challenge of 1LOD risk processes, data and outcomes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances, etc.), communicate risk opinions at various levels of management.
• Once new/modified controls are in place, continue to monitor control effectiveness and the risk & control environment to determine whether incremental improvements are required to ensure that risk exposures are within acceptable limits.
• Ensure adherence to ICT risk management standards and procedures, including and not limited to: Developing and issuing ICT / Operational Resilience risk management reports and risk opinions.

Work conditions: This position provides for standard working conditions in an office and a normal work schedule from Monday to Friday. 

The strengths and skills that will help you succeed

• Bachelor’s degree in information technology, Information Security, Business or Risk Management (or equivalent professional qualification).
• Minimum 7 years of experience in ICT audit, ICT risk management or ICT continuity.
• Good knowledge of Business Continuity, ICT Continuity and Audit methodology and concepts.
• Understanding of the banking industry's regulatory requirements on ICT (e.g., NIST Cyber Security Framework, ISO27001, EBA Guidelines on ICT and security risk management etc.).
• Excellent stakeholder management skills.
• Being rigorous and thorough – especially when logging and tracking issues through to conclusion.
• Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management.
• Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
• Excellent written and verbal communication skills. Ability to articulate risk management concepts in business language.
• Proven ability to manage issues through resolution; skilled at making judgment calls.
• Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times.
• Works iteratively, delivering quickly and frequently to produce high quality documents and outputs. 
• Industry certifications (e.g. CISA, CISM, CRISC) are preferred.
• Given the vast majority of our clients, both internal and external, are based outside of Quebec and Canada, specific language requirements may apply.  Knowledge of the English is required. 

What’s in it for you

In addition to competitive compensation, we offer flexible benefits including a family and spouse insurance program, a defined contribution pension plan and paid days for volunteering. Hybrid work arrangements are available for most positions. In-office presence is required a minimum of 3 days per week, one of which must be on a Monday and/or a Friday. BNP Paribas provides excellent training and personal development programs, as well as opportunities for career development within the company and internationally.

To find out more about our range of benefits, click here

What you need to know

• BNP Paribas is committed to accessibility and inclusion. During the recruitment process, accommodation needs are available at all times for candidates. You will have the chance to make a request for an accommodation during your application.
  • You must be legally eligible to work in the Greater Montreal area and, if applicable, hold a valid work or study permit. Physical presence in BNP Paribas’ office(s) is an essential function of this position;
  • If you are applying and accepted to a position which requires working in/for the U.S. securities industry, you will be required to provide your fingerprints and undergo additional background checks by the FBI. BNP Paribas Securities Corporation is required to maintain a supervisory program over the conduct of its Associated Persons; some of your personal data will be transmitted to the United States of America and made available to US regulators. Please reach out to BNPP for additional information; or you can also find an overview here: 3110. Supervision | FINRA.org

Diversity, Equity and Inclusion (DE&I) at the heart of our commitments

At BNP Paribas all employees are on an equal footing allowing us to create a work environment that values and respects people for their talents, skills and competences.

BNP Paribas recruits, employs, trains, compensates and promotes regardless of race, religion, colour, national origin, sex, disability, age, and other protected status (Employment Equity Act and Canadian Human Right Act).

To learn more about our DE&I commitments, click here

About us

BNP Paribas is the top bank in the European Union and a major international banking establishment. Present in 63 countries, with more than 180,000 employees, the bank holds key positions in several areas of banking and financial services.

BNP Paribas’ mission is to contribute to a responsible and sustainable economy by financing and advising its clients according to the highest ethical standards, while striving to respond to essential concerns in terms of the environment, regional development and social inclusion.

Since 1961, BNP Paribas has supported large Canadian companies and institutions in their business development by offering a full range of specialized financial services and investment products.

With over 1,400 employees, BNP Paribas in Canada continues to attract experts from diverse fields as well as ambitious young talent from around the world. We are proud to offer our employees a rewarding and international workplace where they can build their professional careers by honing their skills, meeting challenges and enriching their knowledge of the financial industry.

Our certifications and partnerships

• Montreal’s Top Employers 2025
• Canada’s Best Diversity Employers 2025
• Women in Governance  – Parity certified -  Platinum certification
• Pride at Work Canada
• Part of Les Affaires top 300 companies in Quebec
• Part of Les Affaires top 300 companies in Quebec
• Synclusiv
• Ready, Willing and Able 
• Autisme sans Limites 
• LinkedIn Top Companies 2024

Do you want to discover other BNP Paribas offers in Canada?

Click here: BNP Paribas in Canada | Our job offers

** Only selected applications that meet the requirements of the role will be contacted **