
General Information

Ref No.: 48314342
Country: Canada
Region: Quebec
City: Montreal
Contract type: Permanent
Job family: F06 - INFORMATION TECHNOLOGY

Description

In a changing world, unprecedented challenges require unmatched talent. Join one of Montreal's Top Employers in 2024. We are a dynamic and growing organization having its main establishment located in downtown Montreal and part of a leading international banking institution fully committed to building a more sustainable future. Note that the position may be in the Canadian Branch of BNP Paribas or in one of its subsidiaries based in Montreal. 

 

The position at a glance

 

To contribute to the durability of the Bank’s activities and its regulatory compliance duties, IT Governance, Risk and Controls Management is responsible for ensuring that territory IT risks are properly managed and reported in accordance with regulatory requirements as well as Group, Global and Local IT policies and procedures.


IT & Cyber Governance, Risk and Controls (GRC) management responsibilities for Americas entail utilizing the framework defined by Group IT Governance of BNP Paribas as well as the Group IT Risk Management framework. IT & Cyber GRC works with Information Technology teams that support IT functions such as Application Development and Support, IT Production (Infrastructure), Information / Cyber Security, Information Continuity, Business Continuity and Third-Party Risk Management. IT & Cyber GRC leads the IT Governance, Risk and Controls Program and assists IT management in developing, maintaining and testing Information Technology and Information Security processes and controls to ensure they are sustainable. IT & Cyber GRC facilitates process reviews, Risk and Control Self-Assessments, and IT Risk Identification and Controls Assessment; develops, distributes and presents Management reporting related to IT & Cyber Governance, Risk and Controls; and acts as a liaison for External Audit and Regulatory Examination interactions.


The mission of the IT & Cyber Risk Office is to contribute to the continuous improvement of IT & Cyber Governance, Risk and Controls around the IT infrastructure and business systems of CIB Americas. This includes the measurement and management of IT & Cyber risks within the IT activities linked to ICT (Information and Communication Technologies), in application of the framework defined by Group IT Governance of BNP Paribas, as well as the deployment and coverage of the Group IT Risk Management framework.

 

 

 

 

In detail

 

Main responsibilities: 

 

·         Provide a consolidated view of IT & Cyber risks at distinct levels of all the IT & Cyber departments, via industrialized and risk-oriented reports, including but not limited to:
o   Production of group-level or local key risk indicators
o   Results of generic control plan executions
o   Findings of audits & reviews performed by independent testing teams
o   Progress of major IT & Cyber risk remediation plans as well as the Group Cyber Security program
·         Participate in building an IT & Cyber risk steering committee (or an ICT Internal Control Committee) for the region.
·         Participate in the coordination of all the IT & Cyber departments to answer regulators’ requests & assessments on IT & Cyber risks.
·         Participate in the risk assessment of region-wide IT & Cyber projects & existing assets, and in the validation of major IT risks, and challenge their remediation plans.
·         Follow up on the closure of SIAP associated with IT & Cyber risk management.
·         Analyze historical IT incidents and feed the Group Operational Risk framework.
·         Support departments with the deployment of the IT risk management framework.
·         Provide expertise and support to departments on IT risk management topics, complementing Cyber risks (e.g. IT risk assessment & treatment approaches, Cloud Computing, Shadow IT, IT Third Party Risk Management in collaboration with TPMO).
·         Participate in the review of strategic projects through the IRPP framework.
·         Develop and maintain the set of tools to industrialize the IT risk management framework and to interface with RISK Function tooling.
·         Anticipate new ways of working and associated risks.
·         Create and manage a targeted IT risk awareness training program for all employees and contractors, and more particularly for the entire IT department in the region.
·         Conduct IT & Cyber Governance, Risk and Controls awareness / training sessions with IT personnel as well as team members.
·         Contribute to the development and management of IT policies and procedures related to IT & Cyber Risk Management (HI, KRI, Shadow IT…).
·         Assist with management, maintenance and administration of the team’s SharePoint sites.
·         Develop, create, distribute and present reporting data; obtain and incorporate updates.
·         Monitor, track and follow up on activities and initiatives.
·         Assist with coordination and communication of information provided by Group / Global IT or other Global / Local teams.
·         Assist with coordination and collection of information and ensure timely reporting and follow-up of open items.
·         Identify and assess Information Security and Information Technology risks.
·         Maintain and distribute the assignment of controls amongst team members; assist with the coordination and training of new and existing team members.
·         Assist with maintaining standard operating procedures within the team.
·         Assist with the development of Executive Management level reports, dashboards, status reports and meeting minutes.
·         Participate in team meetings – capture and distribute meeting minutes when needed.
·         Assist with the maintenance and updates to the Risk Register.

 

 

 

The strengths and skills that will help you succeed

 

·         Bachelor’s degree. Knowledge and experience with IT and/or Operational Risk. Minimum of 3 to 5 years of related experience in Information Technology Risk and Control, Information Technology, Governance of Information Technology, or a related field.

·         Experience in developing processes, implementing controls, writing, or working with information security and technology policies or procedures and liaising with IT and Business personnel (at all levels)

·         Familiarity with COBIT, ITIL, FFIEC, ISO/IEC 27001, ISO/IEC 9001, ISO/IEC 20000, SEC, SOX, GLBA, FINRA, Dodd-Frank and other related control frameworks or legislation and regulatory sources is a plus.

·         Strong communication skills, both verbal and written; diligent, detail-oriented, proactive.

·         Good organizational skills, project management and ability to manage multiple tasks simultaneously.

·         Ability to work effectively, independently and within teams, to achieve management objectives.

·         Proactive and eager to take on new tasks and challenges.

·         Ability to identify and propose opportunities for process (and control) improvements.

·         Ability to lead meetings and forward discussions, carry out day-to-day operational work while thinking and planning both tactically and strategically.

·         Ability to create executive level reporting.

·         Strong problem solving and analytical skills.

·         Demonstrates persistence, poise, and perseverance, and is able to complete deliverables and accomplish goals and objectives under pressure and within set timelines.

·         Proficient in MS Office (specifically Excel, PowerPoint, Word), SharePoint and MS PowerBI.

 

Minimum required qualifications:

·         Bachelor’s degree 

·         Minimum of 3 to 5 years of related experience in IT & Cyber Risk Management and Controls.

·         Experience in managing processes, implementing controls, and writing policies or procedures by liaising with IT and Business personnel.

·         Strong communication skills, both verbal and written; diligent, detail-oriented, proactive.

·         1 to 2 years of project management experience.

·         Strong problem solving and analytical skills.

 

Preferred qualifications: 

·         Professional certifications CRISC, ITIL-F

·         Familiarity with COBIT, ITIL, FFIEC, ISO/IEC 27001, ISO/IEC 9001, ISO/IEC 20000, SEC, SOX, GLBA, FINRA, Dodd-Frank and other related control frameworks or legislation and regulatory sources is a plus.

 

  • Given the vast majority of our clients, both internal and external, are based outside of Quebec and Canada, specific language requirements may apply. Knowledge of English is required.

 

 

What’s in it for you

 

In addition to competitive compensation, we offer flexible benefits including a family and spouse insurance program, a defined contribution pension plan and paid days for volunteering. Hybrid work arrangements, such as remote working up to 50% and flexible working hours are available for most positions. BNP Paribas provides excellent training and personal development programs, as well as opportunities for career development within the company and internationally.

 


 

What you need to know

 

  • We will review candidates as they apply, so don’t wait to submit your application;

 

  • BNP Paribas is committed to accessibility and inclusion. Accommodations are available to candidates at all times during the recruitment process. You will have the chance to request an accommodation during your application;

 

  • You must be legally eligible to work in the Greater Montreal area and, if applicable, hold a valid work or study permit. Physical presence in BNP Paribas’ office(s) is an essential function of this position.

 

 

 

Diversity, Equity and Inclusion (DE&I) at the heart of our commitments

 

At BNP Paribas all employees are on an equal footing allowing us to create a work environment that values and respects people for their talents, skills and competences.

 

BNP Paribas recruits, employs, trains, compensates and promotes regardless of race, religion, colour, national origin, sex, disability, age, and other protected status (Employment Equity Act and Canadian Human Rights Act).

 


 

About us

 

BNP Paribas is the top bank in the European Union and a major international banking establishment. Present in 63 countries, with more than 180,000 employees, the bank holds key positions in several areas of banking and financial services.

 

BNP Paribas’ mission is to contribute to a responsible and sustainable economy by financing and advising its clients according to the highest ethical standards, while striving to respond to essential concerns in terms of the environment, regional development and social inclusion.

 

Since 1961, BNP Paribas has supported large Canadian companies and institutions in their business development by offering a full range of specialized financial services and investment products.

 

With over 1,400 employees, BNP Paribas in Canada continues to attract experts from diverse fields as well as ambitious young talent from around the world. We are proud to offer our employees a rewarding and international workplace where they can build their professional careers by honing their skills, meeting challenges and enriching their knowledge of the financial industry.

 

Our certifications and partnerships

 

  • Montreal’s Top Employers 2024
  • Canada’s Best Diversity Employers 2024
  • Women in Governance – Parity certified - Platinum certification
  • Pride at Work Canada
  • Rainbow Accreditation issued by Canada’s LGBT+ Chamber of Commerce (CGLCC)
  • Part of Les Affaires top 300 companies in Quebec
  • Synclusiv
  • Ready, Willing and Able 
  • Autisme sans Limites 
  • LinkedIn Top Companies 2024

 

 


 

** Only selected applications that meet the requirements of the role will be contacted **