Weiter zum Inhalt

Allgemeine Informationen

Stelle#
IT_3968
Land
Belgien
Region
Brussels Hoofdstedelijk Gewest
Stadt
Bruxelles
Vertragsart
Unbefristet
Berufliche Branche
F06 - INFORMATION TECHNOLOGY
Erforderliche Berufserfahrungen
Bereits Berufserfahrung

Beschreibung

YOUR JOB IN A NUTSHELL

Join BNP Paribas Fortis as an IT Operational Permanent Control (OPC) Specialist At BNP Paribas Fortis, our Cyber Security division unites the Centre of Excellence (CoE) Security and IT Filiere Production Security BE to design, implement, and maintain robust security solutions. 
Our mission? To foster a trustworthy, secure environment for both our colleagues and clients.

We’re seeking a proactive professional to join our IT Operational Permanent Control (OPC) team, a key function within Governance, Risk, and Compliance (GRC). Here, you’ll play a pivotal role in helping IT and Business Units navigate operational risks tied to IT and Cyber Security, while reinforcing an adaptive, resilient control framework across the bank.

 

AND IN DETAIL

  • Identification and assessment of risks: You’ll analyse data from risk systems, reports, and governance bodies, turning complex information into practical, risk-based insights. Your conclusions will help leaders make informed decisions.
  • Controls Execution & Reporting: You’ll interpret, adapt, and run control tests (compliance, fraud, outsourcing, etc.), then report findings to the CIO, ensuring controls align with IT’s strategic priorities.
  • Regulatory & Internal Reporting: You’ll prepare precise, high-impact reports for the Internal Control Committee (ExCo), regulators (NBB/BNB, ECB), and Group entities (CDF/IT Group), shaping risk discussions at the highest level.
  • Procedure Governance: As the gatekeeper for IT risk and security procedures, you’ll ensure they’re up to date, accessible, and visible, keeping our compliance framework structured and resilient.
  • Governance Body Support: Acting as NAC secretary for major IT initiatives, you’ll track stakeholder conditions (Business & Functions), driving accountability and alignment in high-impact projects.
  • Risk & Control Self-Assessment (RCSA): You’ll conduct the annual RCSA for all IT risk categories, using the RISK ORM methodology to assess risks, incidents, and recommendations, giving a full picture of IT’s risk profile, including external threats.
  • Regulatory Reporting – IT Risk Questionnaire: You’ll coordinate the bank’s response to the ECB’s IT Risk questionnaire (via Group) and the NBB’s BNP Paribas Fortis reporting, ensuring submissions are accurate, regulator-ready, and endorsed by the CISO/CIO.
  • Compliance Controls Execution: You’ll run IT-wide compliance checks (awareness, ethics, etc.), report findings to the IT Management Team, and drive remediation where needed, ensuring actions are documented and evidenced.

 

YOUR TALENTS AND COMPETENCES

Background & Experience

  • A Master’s degree in IT, economics, or engineering, with a strong IT foundation.
  • 10+ years of experience, including at least 5 years in Risk or IT whether in financial services, consulting, or another regulated industry.
      

What You Bring to the Table

  • IT & Security Process Insight: You understand how IT and security technologies integrate into risk and operational frameworks and where the gaps might be.
  • Risk Assessment Skills: Hands-on experience in identifying and evaluating IT and cyber risks, with a practical (not just theoretical) approach.
  • Regulatory & Standards Know-How: Familiarity with frameworks like EBA guidelines, DORA, ISO 27001, or NIST and the ability to apply them in real-world IT risk and compliance scenarios.
  • Control Design & Testing: You can translate regulations and policies into effective controls and know how to test whether they actually work.
  • Agile Mindset: Experience with Agile methodologies in a risk or control environment is a plus, but adaptability matters most.
  • Process Thinking: You quickly grasp end-to-end processes, spot risks, and propose practical solutions without getting lost in bureaucracy.
  • Clear Communication: Whether it’s a report for executives or a presentation for regulators, you distill complex topics into concise, actionable messages.
  • Stakeholder Alignment: You bridge the gap between technical teams, business units, and regulators keeping everyone aligned without losing sight of compliance and risk goals.
  • Collaboration: You thrive in cross-functional teams, working smoothly with colleagues and partners to execute risk and control initiatives.
      

Practicalities

  • Languages: Fluent in French or Dutch, with strong English (written and spoken).
  • Tools: Comfortable with SharePoint, Excel, Word, and PowerPoint.
  • Nice-to-have: Experience with RISK 360 is a plus, but not a must.

 

WHAT WE HAVE TO OFFER

Sustainability and impact  

We strongly believe in the positive impact that the financial sector can have on the world. BNP Paribas Fortis offers sustainable and responsible investment products and solutions and encourages social entrepreneurship. Together with our customers, we are working towards a better future every day.

 

DEVELOPMENT & CAREER PERSPECTIVES

We offer a wide range of training courses, workshops and webinars to choose from depending on your availability, interests and goals.

 

GOOD PLACE TO WORK

In addition to your remuneration and benefits (meal vouchers, insurance, holidays), we offer flexible salary options, allowing you to convert part of your salary into personalised benefits (phone use, IT equipment, transport, etc.).

 

OUR ENGAGEMENT

At BNP Paribas Fortis, we want to attract and retain all talent, whatever their gender, age, background or sexual orientation, and irrespective of whether they are living with a disability, as every person has their own experiences and their own identity. All of our full-time vacancies are also open to candidates wishing to work on an 80% or 90% full-time equivalent basis.

If the function is categorized as a banking services provider function (cf. Law of 22 April 2019 establishing an oath and a disciplinary regime for the banking sector), you will also need to provide us with a 'certificate of absence of professional ban' from the FSMA confirming that you are not professionally disqualified.

 

TEMPTED BY THE CHALLENGE?

A first selection is made based on your CV and motivation letter. Are we convinced that you are the right candidate? Then we will contact you.

Good luck!

Is this position not for you, but do you know someone who is cut out for this job? Feel free to share it with friends and family!