IT & Cyber Risk Management Officer

In a changing world, unprecedented challenges require unmatched talent. Join one of Montreal's Top Employers in 2024. We are a dynamic and growing organization having its main establishment located in downtown Montreal and part of a leading international banking institution fully committed to building a more sustainable future. Note that the position may be in the Canadian Branch of BNP Paribas or in one of its subsidiaries based in Montreal.

**The position at a glance**

The US/Americas ITO CCO (Chief Control Office) department covers the following areas: IT & Cyber GRC (Governance, Risk and Controls), 1LOD Reviews, Program Management, ITO Chief Data Office, and Voice and Record Keeping Program. As part of CCO team we ensure:

- The management of governance, risk, and controls for the key IT & Cybersecurity activities
- The oversight of all IT & Cybersecurity internal and external audits, and regulatory examinations
- The predictive sustainability management of the control framework
- The ITO data management of record keeping and disposal, trade regulatory reporting and voice & e-Com record keeping.

The role consists in documenting, maintaining, and communicating the Americas IT & Cyber Risk Management Program (procedure and documentation for Risk Management, SIAP and Shadow) and ensure his execution on day-to-day basis.The IT & Cyber Risk Management Officer reports to the Head of the IT & Cyber Risk Management.

Results and Impact

Able to influence peers and team.

Demonstrates good judgement when making decisions of high complexity and impact.

Exercise appropriate autonomy in the execution and delivery of work.

Responsible for driving outcomes, which have meaningful effect on team or department.

Leadership and Collaboration:
Creates trust with colleagues.

Acts in leadership capacity for projects, processes, or programs.

Client, Customer and Stakeholder Focus:
Able to build relationships with a mix of colleagues and clients.

Interacts regularly with management and department leaders.

Demonstrates the ability to influence stakeholders at the team level.

Compliance Culture and Conduct:
Takes full responsibility for personal actions and demonstrates courage in facing problems and conflicts.

Perceived as a person of high moral character; upholds corporate values and displays high ethical standards.

**In detail**

Assist IT & Cyber teams in identifying risks, assess risks and implement proactive framework for identification and remediation (advisory role)

Ensure IT & Cyber Risks have been identified for the IT & Cyber Processes, mapped to controls and the controls address the risk (Risk Card review / C&C)

Monitor and Report IT & Cyber Risk and the risk treatment (i.e., risk mitigation / acceptances) status to Management.

Assist IT & Cyber in developing remediation action plans associated to documented risk (Risk Card), documenting them in the self-identified action plan book of record (Risk360), and tracking them until completion.

Document, maintain and communicate the Americas IT & Cyber Risk Management Program (procedure and documentation for Risk Management, SIAP and Shadow)

Ensure the Americas IT & Cyber Risk Management Program continue to be aligned with Regulatory, Group / Global and Local IT & Cyber Risk Management programs.

Ensure the IT & Cyber Teams adhere to the Americas IT & Cyber Risk Management Program

Keep up with the established Global IT & Cyber Risk Management Framework

Execute Annual Shadow/Light IT Campaign and C&C the result.

Facilitate discussion to design remediation plan between end users and IT for identified Shadow/Light IT situation.

Follow-up on Shadow/Light IT Convergence plan status.

Maintain the inventory of Shadow/Light IT, aggregating all departments.

**The strengths and skills that will help you succeed**

Required Qualifications:
Minimum of seven (7) years recent experience in Information Technology audit or IT/Cyber Risk & Control

Bachelor or Master of Science / Engineering, ideally in computer science

Extensive experience in program development, IT risk and controls related role

In-depth knowledge of Information Technology and Information Security (i.e., Infrastructure, Operating Systems, Database, Network, System Development, Testing and Quality Assurance, Production / Application Support, Cyber Defense mechanism and threats).

Excellent communication (verbal and written) and presentation skills to develop and deliver informative progress reports, proposals, and presentations.

Ability to build strong working partnerships with various CIO, CTO and CISO teams.

Excellent analytical and problem-solving

Proficient with Microsoft office tools: SharePoint, Excel, PowerPoint, Word, Visio, PowerBI

Ability to ask penetrating questions and detect unstated assumptions and resolve conflicts.

Strong client service orientation / skills

Given the vast majority of our clients, both internal and external, are based outside of Quebec and Canada, specific lan