It, Cyber

In a changing world, unprecedented challenges require unmatched talent. Join one of Montreal's Top Employers in 2024. We are a dynamic and growing organization having its main establishment located in downtown Montreal and part of a leading international banking institution fully committed to building a more sustainable future. Note that the position may be in the Canadian Branch of BNP Paribas or in one of its subsidiaries based in Montreal.

**The position at a glance**

The North America Hub is part of BNP Paribas’ global Internal Audit group (Inspection Générale) which is staffed by highly qualified individuals who perform high quality risk-based reviews of the Business, providing assurance, and when necessary, advising management to anticipate and understand otherwise unexpected risks and put in place appropriate mitigating controls.

The Internal Audit team helps senior management protect the company’s reputation by avoiding financial and reputational damage. Where it is too late to prevent failure, the team investigates the problem, helps management deal with the aftereffects, and establishes guards against re-occurrence. Headquartered in New York, the North America Hub has primary audit responsibility for BNP Paribas’ Corporate and Investment Banking activities in the United States. The audit approach follows practices prescribed by the Institute of Internal Auditors (IIA).

**In detail**

**RESPONSIBILITIES**:

- Assess the strengths and weaknesses of the BNP Paribas North America Wholesale activities, through audits, risk assessments and continuous monitoring activities as they relate to Information Technology, Information Security, and Data Management controls, ensuring business objectives regulatory expectations are met, and risks are sufficiently mitigated.
- Perform risk-based audits, based on a thorough understanding of the processes and risks associated with both current and emerging technologies, and on a precise assessment of the adequacy and completeness of the GRC, both from a design and effectiveness standpoint.
- Evaluate the adequacy, effectiveness, and efficiency of Bank policies, procedures, and internal controls as they relate to the Information Technology infrastructure and Business Application Systems as per the terms of the Inspection Générale Audit charter and guidelines of the Bank.
- Follow audit professional standards and regulatory requirements in the performance of the day-to-day functions of internal auditor.
- Perform audits of Information Technology operating procedures and processing systems, test operating procedures and processing systems through the performance of detailed fieldwork, examine and evaluate results, assess adequacy of controls, communicate results, and direct follow-up efforts.
- Review work papers with particular focus on documentation and analysis to support findings.
- Prepare draft findings and recommendations and follow up on findings to ensure that the appropriate corrective actions were taken by reviewing and validating supporting evidence.
- Maintain the audit universe and timely update the corresponding risk assessments, supported by a dynamic and documented Continuous Risk Monitoring (CRM) practice, including CRM over the portfolio of IT projects.
- Maintain a close relationship with the BNP Paribas NAR audit teams and Group Inspection Générale IT audit domain and interact with Bank’s regulators for any matter in scope.

**The strengths and skills that will help you succeed**
- Bachelor’s degree (Computer Sciences or other related field of study).
- At least 6 years of Audit experience, with a focus on Information Systems.
- A strong understanding of the relevant risks and controls in areas such as IT Governance, IT Risk, IT Production, Cybersecurity, Application Development & Maintenance, Operational resilience, IT Projects, etc.
- Team player with demonstrated track record in self-initiative and time management.
- Experience with banking and financial systems.
- CISA (Certified Information Systems Auditor).
- Ability to demonstrate effective communication with auditees, both verbally and in writing.
- Exceptional analytical abilities, strong organization, and teamwork skills.
- Ability to demonstrate business tactical and strategic thinking, as well as innovation and creativity.
- Strong risk and control awareness, and knowledge of risk assessment methodology.

**PREFERRED QUALIFICATIONS**:

- One (1) or more years of Information Technology operational experience.
- One (1) or more years of Global Market operational experience.
- One (1) or more years of Information Security operational experience.
- CISM (Certified Information Systems Manager), and/or CISSP (Certified Information Systems Security Professional).
- Knowledge and experience with Windows and Unix operating systems, middleware, networks, databases, and emerging technologies.
- Given the vast majority of our clients, both internal and external, are based outside of Quebec and Ca