IT Risk Analyst
|Job Opening ID||1827|
|Project length in months||Long term|
|Languages||Spanish, French, English|
|Rate - Eur||Not defined|
SEEKING: IT Risk Analyst
IT risk profile, providing
reports to the Entity’s ITRO supporting in the identification, establishment and
The key responsibilities are:
Identifying potential IT & Cyber risks inherent in the SET activity
● A periodic review of the various IT &
Cyber risk issues (periodic assessments, panoramas, etc.)
● Analysing or reporting on operational risks
(RCSA, historic incidents, Control Plans, etc.)
Analyzing IT & Cyber risks (root cause, business impact etc.)
● Identifying the principal causes of IT
& Cyber risks and potentially adverse events from an IT & Cyber risk perspective
● Evaluating IT & Cyber risks by
considering their likelihood of occurrence and the IT and business impacts
● Identifying and taking account of
mitigation measures put in place in respect of IT & Cyber risks (control
plans, programmes for monitoring the IT & Cyber risk management system,
etc.). Definition of action plans with the affected areas to properly mitigate
● Managing the risk management process
of the new activities to be performed in the organization, ensuring all subject
matter experts are involved and the governance procedure is applied (facilitating
New Activity Approval Committees).
IT risk management
● Support IT Risk Manager to ensure
risks are properly identified, documented, assessed, monitored, controlled, and
reported in a timely manner.
● Follow-up on open risks and remediation
action plan and properly document them in the Group tool.
● Ensure and monitor the roll-out of remediation
plans across the different areas in the organization.
● Provide advice related to internal controls,
risk assessments, risk management, IT controls, and corrective action plans.
● Manage interactions and approvals of
derogations with the second line of defense.
● Manage the approval process for the identified
risks and monitor and report the status.
● Contribute to IT Risk awareness actions
Reporting on the management of IT & Cyber risks to the ITRO and OPC
● Reporting alerts and suggesting corrective
measures. Recommend controls and actions by identifying problems and improvement
● Collect IT Risk indicators and prepare
reports for the entity and for the group.
● Providing a consolidated view of IT &
● Support in the preparation of internal
Contributing to the various exercises and reviews on controlling and assessing IT & Cyber risks
● Providing support and the requested inputs
to exercises and audits (RCSA, Risk Register, etc.)
● Review and update periodically IT risk
mapping (process-risks-controls-procedures) of the organization according to new
activities or changes of the already existing ones.
● Continuous monitoring of IT Controls
and report them in the group tool, collecting the necessary evidence according
to the BNPP-PF Group Regulations.
● Review and update periodically IT risk
● Identification of historical incidents
and register them in the group tool ensuring all required information and
approvals are provided in a timely manner according to the Group procedures.
Third parties risk management
● Ensure execution of third parties risk
management activities, processing the results of the due-diligences done to the
providers, assessing risk of every IT arrangement.
● Monitor the execution of the action plans
by the providers
Shadow & Light IT
● Execute periodic Shadow IT Campaigns with the
different teams to identify potential risk situations and ensure group methodology
Managing the roll-out of IT risk management practices and procedures at SSC SET
● Implementing the Group’s methods and priorities
in the area of IT risk
● Develop and maintain local IT risk policies
and procedures based on the Group requirements and guidelines.
● Spread the IT risk group procedures across
the organization (documentation, training sessions, etc.)
● 1 year of experience in IT Risk
● Demonstrated ability to perform process
analysis and experience in documenting controls.
● Experience in leading/delivering risk assessments
and scenario analysis.
● IT Risk and Cybersecurity
● Risk Knowledge & Awareness
● Risk analysis
● Risk Anticipation
● Risk Monitoring
● Risk Opinion
● Communication Skills - Oral & Written
● Ability to Synthesise / Simplify
● Good stakeholder and relationship management
● Analytical Ability
● Ability to manage / facilitate a meeting,
seminar, committee, training…
● Ability to set up relevant performance
● Ability to anticipate business / strategic
● High level of English
Nice to have:
● Experience of driving solution and mitigation
of issues in a highly complex and global organization.
● Audit experience
● Permanent Contract
● Salary: 38K/50K (According to experience provided)
● Location: Madrid. Hybrid work (50% teleworking, 50% in person: 1 month
teleworking, 1 month in person)