Cloud Risk

Position Purpose

• As a Cloud risk officer for BNP Paribas Group Operational Risk Management function, support Cloud operational and technology risk management throughout the lifecycle of private, hybrid and multi cloud platforms

Key Responsibilities

RISK Operational Risk Officer (ORO) Cloud Risk

• Ensure that the governance, risk control and assurance frameworks for operational and technology risk management are robustly implemented to mitigate operational, cybersecurity and technology risks across multi cloud platforms at BNP Paribas that comprises of IBM Cloud dMZR (dedicated multi zone region), public cloud, private cloud and hybrid cloud throughout its lifecycle
• Review and update minimum baseline Cloud security controls in collaboration with IT Group Production security teams, Cloud security experts, Operational risk officers, ICT risk officers, etcCollaborate closely with cross-functional teams, Cloud subject matter experts, cyber security teams and operational risk officers to identify, assess, and remediate risks
• Periodic and adhoc reports and dashboards on the Cloud technology and operational risk indicators, trends, issues, incidents and remediation plans to senior managementRaise awareness of the Operational Risk Officers on multi cloud platforms at BNP Paribas, various cloud topics and cloud initiatives across the Group through the Cloud Risk Community.
• Stay updated on the regulatory changes and requirements from regulators globally on Cloud topics identifying the gaps in existing baselines and the controls to be implemented to mitigate the gaps. Spread awareness of the regulatory changes across the Operational Risk Officers.
• Adapt to the evolving landscape of digital transformation, ensuring that risk management approaches are agile and forward-thinking.
• Support the ICT risk missions across multi cloud platforms identifying the control gaps in the existing security baseline, residual risks, and provide recommendations to mitigate the risks
• Contributing ResponsibilitiesSupport in check and challenge of the controls, providing risk opinion, conducting risk assessments and audits of the key cloud projects and initiatives across the hybrid cloud, dMZR, private cloud and IBM cloud platforms
• Support in high quality report writing, documentation and presentation for Cloud security topics of operational risk frameworks
• Support to develop and maintain the Cloud technology and operational risk management framework, policies, standards, procedures and controls for the Cloud services in alignment with BNP Paribas 1LoD and 2LoD risk management policies
• Support in development, identification and updating of risk reporting methods using automated solutions. This could include leveraging existing or new solutions of Governance, Risk and Compliance (GRC) tools for Cloud services asset register, risk register, remediation tracking, etc.
• Support in development of Cloud Security Posture Management solutions, operational risk management solutions, IT service management solutions, reporting & dashboard solutions, etc
• Identify the risks and vulnerabilities of APIs used at Group, define the baseline controls and ensure APIs comply with industry standards.
• Technical & Behavioral CompetenciesProfessional qualifications relevant to Cloud and Cyber Security (such as CCSP, CISA, or CRISC).
• Strong risk mindset with understanding of applicable regulatory requirements in financial services sector around Cloud Security Risks
• Good knowledge of ICT risks, IT Control, Information Security, Business Continuity, IT operations and IT Audit and assessment methodologies and concepts
• Functional knowledge in the following areas:
• • Cloud security

• Container security

• Cloud provider and platform reviews

• Infrastructure security

• Security risk architecture

• Digital transformation

Frameworks & Technologies

• Terraform, Kubernetes

• Docker, containers

• CSP IaaS, PaaS and SaaS, Infrastructure as Code

• Microservices, API

• Cloud Security Posture Management

• Cloud platforms like Microsoft Azure, Amazon Web Services

• IBM Cloud, dedicated multi zone region

• Public cloud, hybrid cloud, multi cloud environments

Competencies (Technical / Behavioural)

The successful candidate will have a proven track record in managing risk and technology in large/global organizations with robust knowledge of technology, risks and controls, IT and cloud risk and cyber security, operational resilience, and third-party technology risk management. Prior ICT risk experience and exposure to the Financial Services industry is a requirement. Experience with risk management tools and information systems is beneficial.

Skills Referential

Behavioral Skills:

Decision Making

Client focused

Ability to collaborate / Teamwork

Attention to detail / rigor

Analytical skills

Transversal Skills

• Ability to articulate risk management concepts in business language
• Excellent written and verbal communication (English)
• Proficient with Microsoft Office Suite
• Experience within a regulated environment such as financial services industry
• Proven ability to manage issues through resolution
• Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times
• Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework

Conduct

• Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
• Consider the implications of actions on colleagues, partners and clients before making decisions and escalate issues to manager when unsure

Specific Qualifications Required

• Graduate or post-graduate qualification in ICT domains, risk management or control function
• 8 to 10 years or more experience or practical understanding in Risk, Security and other ICT domains required.
• 6 to 7 years or more experience or practical understanding in Cloud platforms and Cloud Security.