General information
Description
The role
Based at the BNP Paribas Real Estate office headquarters in Harewood Avenue and reporting to the Head of Cyber Security, the successful candidate will be responsible for the deployment and support of the IT Governance framework, working with the IT management team to implement best practice operational governance processes in line with the wider group governance strategy.
The successful candidate will serve as the subject matter expert on IT operational risk assessment, controls and governance (“IT GRC”). Sitting within the IT team and acting as the first line of defense (“1LOD”), the UK IT Governance Officer partners closely with internal IT teams, Business OPC, Central IT OPC and other control functions to strengthen IT operational processes. The role aims to cover:
1. IT Operational Permanent Control (OPC) Assessment
2. Group Cybersecurity Assessment
3. IT Audits
4. Client Due Diligence Questionnaire and Security clauses in contract
The successful candidate will have strong and relevant experience in IT governance and operational risk management in a similar sized organisation.
In order to meet our expectations, the successful candidate should have an eagerness for continued personal and professional development with a focus on delivering world class service to service users.
They should relish working in a team environment with the ability to interact and share ideas, but be equally confident working independently to deliver new methods and processes.
Activities
IT OPC
• Ensure the effective implementation and maintenance of the IT OPC framework within the Real Estate UK IT OPC scope
• Lead the UK IT OPC campaign, verify control testing results and submit them to the central team in Paris for consolidation and reporting
• Collaborate with the respective IT process owner to formalize remediation plans for identified weaknesses or failures, ensure the follow-up of these actions and escalate any key delay to the relevant level
Group Cybersecurity Program
• Be the point of contact regarding the Group Cybersecurity Program for Real Estate UK, and contribute to compliance with the Group IT Risk and Cyber Security requirements
• Manage the assessment of control objectives defined in the Program. Drive IT responsible parties to provide feedback and evidence to demonstrate the compliance of the concerned asset/process
• Follow up, verify and submit evidence until the closure of each control objective. Track, monitor and report the progress of each assessment campaign for UK IT
• Drive the respective IT team to define a roadmap and key milestones to address outstanding objectives
IT Audits
• Manage and coordinate internal and external IT audits, ensuring full collaboration with the auditors
• Register findings and recommendations identified from IT audit missions
• Track and drive the closure of action items with the respective IT action owner
Client Due Diligence Questionnaire and Security clauses in contract
• Coordinate with IT teams and manage IT responses to due diligence questionnaires related to IT GRC from clients/prospects
• Contribute to the contract / service level agreement review for services provided to clients and liaise with internal Legal and IT teams on revising clauses related to IT GRC requirements
Others
• Consolidate results from various control assessments and provide IT Risk and Cyber Security management reports for UK IT Dashboard and Internal Control Committee
• Coordinate IT GRC training for the entity aiming to promote a risk awareness culture
• Ensure local procedure is well managed
Person specification
Essential qualifications
• Formal IT qualification
Desirable qualifications
• ITIL Life cycle / Capability certification
• ISACA Certificate in the Governance of Enterprise IT (CGEIT)
• CISA certification
Essential experience
• Knowledge of external certifications and the ability to audit the organisation’s conformance to those standards
• Working experience within ISO 27001 / NIST standards
• Good level of experience and competency within an IT OPC and Governance environment
• Relevant IT audit experience, especially within the area of governance and quality
• Personal experience of implementing high quality standards (ideally ISO etc.) within an organisation and the ability to drive quality standards through the organisation
Desirable experience
• Exposure to IT risk management and reporting
Key skills/competencies
• Ability to prioritise and manage own workload in difficult and pressured situations
• Ability to adjust to meet the expectations of a wide range of users
• Ability to work alone or as part of a team
• Excellent written and spoken English
• Ability to liaise with senior stakeholders
• Self-starter
• Commercially astute
• Delivers innovative solutions
• Sound decision maker
• Creative thinker
• Pursues excellence
• Responsiveness to colleagues
• Responsiveness to clients
We are proud to offer award-winning benefits to support and reward our employees:
• Health & Leisure: Private medical cover, 25 days annual leave + public holidays (the option of purchasing up to 5 additional days via flex benefits), health screening, gym discounts, wellbeing support, volunteering opportunities, cycle to work scheme, eye care voucher, travel & retail discounts, travel insurance, concierge service, kids pass, open fairways golf card, great company culture and social events (including sports teams, charity events, art pass), perks at work
• Financial: Pension, life assurance at 8 x basic salary, group income protection (long term disability insurance), interest free season ticket loan, bonus scheme - you will be eligible to participate in the Company’s Bonus Scheme, share incentive plan, financial and mortgage advice
BNP Paribas Real Estate is committed to providing a work environment that fosters diversity, inclusion, and equal employment opportunity without regard to race, colour, gender, age, creed, sex, religion, national origin, disability (physical or mental), marital status, ancestry, sexual orientation, gender identity and gender expression, or any other legally protected status.