Director IT, Cyber and Data Audit.

About The Position

Requirements

• Proven expertise in IT/IS audit and industry best practices, in line with large complex banking organizations (minimum of 10 years of recent experience in Information Technology).
• Five (5) or more years of Information Technology operational experience.
• Five (5) or more years of Global Market operational experience.
• One (1) or more years of Information Security operational experience.
• Extensive experience working for large global financial services organizations, with solid knowledge of CIB business processes, notably GM, and BNP Paribas environment.
• Experience with banking and financial systems (preferably Trading and Settlement systems, Money Transfer systems, Compliance and Surveillance systems, etc.).
• Undergraduate Degree in Computer Science, Cybersecurity or a related field.
• CISA (Certified Information Systems Auditor).
• Strong background auditing infrastructure and applications controls.
• Solid experience in principles and techniques of Information Systems auditing.
• Understanding of management principles and the ability to recognize and evaluate deviations from good business practices.
• Ability to maintain effective relations between auditors and auditees, and effectively communicate audit results to a wider, non-technical audience.
• Strong managerial experience, promoting a culture of independence, conduct, transparency, integrity, performance, satisfaction at the workplace, and diversity and inclusion.
• Ability to demonstrate effective communication with regulators and management, both verbally and in writing.
• Exceptional analytical abilities, strong organization and teamwork skills.
• Ability to demonstrate business tactical and strategic thinking, as well as innovation and creativity.
• Excellent communication skills (verbal, written, presentation), interpersonal skills, strong facilitation and interviewing skills.
• Comfort in discussing IT Controls with the bank's management, and obtaining agreement on recommendations pertaining to technology / systems under review.
• Strong risk and control awareness, and knowledge of risk assessment methodology.

Nice To Haves

• Advanced Degree, notably in Cybersecurity or IT Risk Management.
• CISM (Certified Information Systems Manager), and/or CISSP (Certified Information Systems Security Professional) and/or similar.
• Knowledge and experience with Windows and Unix operating systems, middleware, networks, databases, and emerging technologies.

Responsibilities

• Oversee direct audit coverage responsibility for the Information Technology, Information Security, and Data audit activities performed relative to BNP Paribas Wholesale activities in North America (US and Canada), supported by a team of subject matter auditors.
• Assess the strengths and weaknesses of the BNP Paribas North America Wholesale activities, through audits, risk assessments and continuous monitoring activities as they relate to Information Technology, Information Security, and Data Management controls, ensuring business objectives regulatory expectations are met, and risks are sufficiently mitigated.
• Perform risk-based audits, based on a thorough understanding of the processes and risks associated with both current and emerging technologies, and on a precise assessment of the adequacy and completeness of the GRC, both from a design and effectiveness standpoint.
• Evaluate the adequacy, effectiveness, and efficiency of Bank policies, procedures, and internal controls as they relate to the Information Technology infrastructure and Business Application Systems as per the terms of the Inspection Générale Audit charter and guidelines of the Bank.
• Follow audit professional standards and regulatory requirements in the performance of the day-to-day functions of internal auditor.
• Perform audits of Information Technology operating procedures and processing systems, test operating procedures and processing systems through the performance of detailed fieldwork, examine and evaluate results, assess adequacy of controls, communicate results, and direct follow-up efforts.
• Plan each audit prior to the commencement of fieldwork (includes meeting with IT and Bank management, discussing changes/events that have a material impact on the activity, revising/enhancing the examination program and scope as warranted).
• Review work papers with particular focus on documentation and analysis to support findings.
• Prepare draft findings and recommendations and follow up on findings to ensure that the appropriate corrective actions were taken by reviewing and validating supporting evidence.
• Finalize and distribute the draft of audit findings/recommendations to auditees for internal control improvements.
• Lead, develop and motivate a team of auditors, while promoting a culture of independence, conduct, transparency, integrity, performance, satisfaction at the workplace, and diversity and inclusion.
• Encourage problem-solving and promote a constructive work environment among both audit and other Bank staff.
• Ensure that team members have the proper expertise and independence to conduct the required audits and investigations, with the highest integrity and conduct standards.
• Use the results from the skillset analysis to promote continuous training and upskilling of the audit staff.
• Maintain the audit universe and timely update the corresponding risk assessments, supported by a dynamic and documented Continuous Risk Monitoring (CRM) practice, including CRM over the portfolio of IT projects.
• Maintain a close relationship with the BNP Paribas NAR audit teams and Group Inspection Générale IT audit domain, and interact with Bank's regulators for any matter in scope.

Benefits

• Medical, dental and vision coverage.
• 401(k) Savings Plan.
• Backup childcare.
• Life, accident and disability insurance.
• Mental health support.
• Paid time off.