IT Control And Compliance Officer


Job Description:

Function description:

The resource will be part of the IT team of Axepta BNP Paribas and will be reporting to the CISO.

As an IT Control and Compliance Officer you will carry out the activities listed below:

· Execution of ICT-related Controls: Execute ICT-related controls beyond incident management, including establishing a regular testing and review process to assess their effectiveness.

· Risk Management: Support the CISO in ensuring all identified ICT risks, including those from third-party providers and internal governance bodies (e.g., Architecture and Security Board), are promptly and comprehensively recorded in a risk register. Create and follow up on action plans to mitigate the risk.

· Key Risk Indicators (KRIs) Monitoring: Define and set up the monitoring of a comprehensive set of KRIs for all critical ICT functions, including third-party service providers.

· Coordinate the transposition of Group generic control plans, identify impacted assets and processes upon policy & control changes.

· Collaboration: Collaborate with internal stakeholders, including the Architecture and Security Board, to ensure alignment and effective risk management.

· Manage local and Group reports adapted to the required audience (operational/executive).

Required experience / knowledge

3-5 years of experience / seniority in Information Security and IT process management.

Technical experience:

Mandatory:

· Designing and implementing IT generic controls (good knowledge of Identity & Access Management)

· IT and security technology and processes

· IT risk management, proven evidence of being able to perform IT and Cyber risk assessments

· Good knowledge of Excel (pivot tables, formulas) and Word, PPT

· Knowledge of SharePoint (as a user)

Preferable:

· Technical skills to be considered as an asset during the selection process

· Familiar with cloud-based systems landscape

· Knowledge of ServiceNow GRC

Business experience:

Mandatory:

· Capability to quickly understand end-to-end process flows and control needs

· Metrics definition and dashboarding

· Strong analytical and synthesis skills, ability to produce structured and concise documents; precise and methodological

· Experience with KRI development and monitoring

· Skills in collaboration with different teams and external resources

· Experience in drafting reports, memos and presentations addressed to senior management

Preferable:

· DORA regulatory requirements

· Developing and implementing policies and/or processes in the IT area

· Knowledge of cloud security and third-party risk management

· Preference will be given to candidates who have good knowledge / practical experience of the financial services industry.

Soft skills:

· Quick self-starter, pro-active attitude

· Autonomy, commitment and responsibility for his/her tasks

· Results and time-oriented

· Team player

· Ability to work in a fast-paced environment and prioritize multiple tasks and projects
