IT Control Risk Officer

In a changing world, unprecedented challenges require unmatched talent. Join one of Montreal's Top Employers in 2025. We are a dynamic and growing organization having its main establishment located in downtown Montreal and part of a leading international banking institution fully committed to building a more sustainable future. Note that the position may be in the Canadian Branch of BNP Paribas or in one of its subsidiaries based in Montreal.

**The position at a glance**

The role consists in participating to key Control Management activities for the IT & Cyber department of BNP Paribas in Americas. This includes regulatory control testing, QA reviews of projects and changes, control creation, maintaining control library, monthly L1 control and annual generic control library campaigns.

**In detail**

The team members are responsible of the following activities:
Conduct Regulatory IT General Controls Testing (ITGC) covering Program Development, Computer Operations, Change Management, Logical and Physical Access

Complete and report Project QA and Change QA reviews.

Perform Control Library Administrative activities like advising team for their control design, creating control in the system of records or update different mappings to other referential.

Contribute to the Monthly L1 Control Campaigns performing monthly quality review (1c) of scheduled L1 controls and maintaining controls definition and results in applicable tools.

Contribute to Annual Generic Control Library (GCL) Campaigns performing GCL testing including reporting of results and creation / monitoring of associated action plans, and determining applicability of scope, budget resources, and obtaining CIO signoff on annual GCL for ICT Changes risks, ICT Security risks, ICT Availability and Continuity risks, ICT Data Integrity risks, and ICT Outsourcing risks.

Staff supervision/ Organizational Structure:
The US/Americas ITO CCO (Chief Control Office) department covers the following areas: IT & Cyber GRC (Governance, Risk and Controls), 1LOD Reviews, Program Management, ITO Chief Data Office, and Voice and Record Keeping Program. As part of CCO team we ensure:
The management of governance, risk, and controls for the key IT & Cybersecurity activities

The oversight of all IT & Cybersecurity internal and external audits, and regulatory examinations

The predictive sustainability management of the control framework

The ITO data management of record keeping and disposal, trade regulatory reporting and voice & e-Com record keeping.

The Control Risk Officer reports to the Head of IT & Cyber Control Management.

Work conditions: This position provides for standard working conditions in an office and a normal work schedule from Monday to Friday. This position requires little travel.

**The strengths and skills that will help you succeed**

Results and Impact
- Able to influence peers and team.
- Demonstrates good judgement when making decisions of high complexity and impact.
- Exercise appropriate autonomy in the execution and delivery of work.
- Responsible for driving outcomes, which have meaningful effect on team or department.

Leadership and Collaboration:

- Creates trust with colleagues.
- Acts in leadership capacity for projects, processes, or programs.

Client, Customer and Stakeholder Focus:

- Able to build relationships with a mix of colleagues and clients.
- Interacts regularly with management and department leaders.
- Demonstrates the ability to influence stakeholders at the team level.

Compliance Culture and Conduct:

- Takes full responsibility for personal actions and demonstrates courage in facing problems and conflicts.
- Perceived as a person of high moral character; upholds corporate values and displays high ethical standards.

List of required competencies

Bachelor or Master of Science / Engineering, ideally in computer science

3+ years of experience in program development, IT risk and controls related role

In-depth knowledge of Information Technology and Information Security (i.e., Infrastructure, Operating Systems, Database, Network, System Development, Testing and Quality Assurance, Production / Application Support, Cyber Defense mechanism and threats).

Excellent communication (verbal and written) and presentation skills to develop and deliver informative progress reports, proposals, and presentations.

Ability to build strong working partnerships with various CIO, CTO and CISO teams.

Excellent analytical and problem-solving

Proficient with Microsoft office tools: SharePoint, Excel, PowerPoint, Word, Visio, PowerBI

Ability to ask penetrating questions and detect unstated assumptions and resolve conflicts.

Strong client service orientation / skills

Given the vast majority of our clients, both internal and external, are based outside of Quebec and Canada, knowledge of the English is required.

Preferred Qualifications:
Scripting language (Python, VBA, Alteryx )

Any of the CRISC, CISA, CIA, CISM, CISSP, PMP Certifica