Managing Director – IHC CISO

Business Overview/Position Overview:

The Chief Information Security Officer (CISO) is responsible for overseeing the information security strategy and direction for BNP Paribas’ Intermediate Holding Company (IHC).

S/he collaborates and counsels BNP Paribas USA Senior Management on information security programs, risk management frameworks, information security policy development and maintenance, design of information security policy education, training, and awareness activities, monitoring compliance with company security policies and applicable laws; and coordinating reporting of security incidents. The CISO will also collaborate with the broader BNP Paribas leadership team, focusing on a holistic and global information security program with European counterparts.

S/he reports hierarchically to the IHC Chief Operating Officer (COO) and functionally to the Group CISO and CIB ITO Global Chief Conduct and Control Officer (CCCO).

Candidate Success Factors:

Candidates to be measured on the following four performance drivers, which will dictate how individual impact is considered on the Americas platform:

• Results and Impact
  • Impacts division and influences peers and team
  • Demonstrates good judgement when making decisions of high complexity and impact
  • Relies on limited guidance for most complex decision making
  • Is responsible for driving outcomes which have meaningful effect on team or department
• Leadership and Collaboration
  • Creates trust with department leaders
  • Acts in leadership capacity for large projects, processes, or programs for a team
• Client, Customer and Stakeholder Focus
  • Able to build relationships with a mix of intermediate and senior colleagues or clients
  • Interacts regularly with management and department leaders
  • Demonstrates the ability to persuade and influence stakeholders at the team level
• Compliance Culture and Conduct
  • Takes full responsibility for personal actions and demonstrates courage in facing problems and conflicts
  • Perceived as a person of high moral character; upholds corporate values and displays high ethical standards

Responsibilities:

• Coordinate investigation and reporting of security incidents
• Evaluate and report on Americas’ information security maturity and compliance with company security policies and applicable laws
• Steer and look after IT and Cyber Risk Management for the Americas
• Follow remediation projects for IT Risk in Americas
• Handle Information Security and IT Risk reporting to IHC, Regional and Global governance bodies

Additional Scope of Role:

• Setup and maintain an Information Security governance in line with Group, CIB and local regulations
• Maintain and publish an Information Security procedural framework (policies, standards, procedures, requirements, indicators and control plans), making sure that CIB, Group and regulatory requirements are accounted for

• Taking into account, the identification and assessment of risk and controls, in accordance with the Group and CIB’s objectives, with the regulatory requirements and peer practices, establish the Americas cyber strategy.
• Along with IT and IT Production in the Americas, drive articulation of the strategy, investment budget and associated IT/IS resourcing to strengthen the cybersecurity of the Americas.
• Establish both surveillance and watch in order to anticipate risks on cybersecurity related to technology used in the Americas
• Make sure that security be integrated to the project management processes by supplying appropriate policies and practices pertaining to information security
• Set up a targeted program of awareness and training for all Americas employees and more specifically for VIP and risky populations, relying as much as possible on Group and CIB contents already existing

• Make sure appropriate response is given to information security incidents, in line with Group reaction plans, along with Group CSIRT and CIB CSIRT
• Ensure definition and follow up of action plans after the incidents

• Act upon Americas IT teams to make sure our client data are protected, as well as the Bank’s data and IT assets, from a technical and organizational perspective
• Provide the IT and IT Production teams with security expertise and support
• Roll out controls internally for IT and external suppliers to ensure security measures are applied properly and that IT complies with existing laws and regulations across national and international requirements

• Report to the Americas, CIB and Group governance committees on progress for the Americas Information Security program
• Present to the Intermediate Holding Company Internal Control Committees and Board of Directors
• Represents BNP Paribas in front of US regulators for all Information Security related matters

• Engage in security watch with external peers to go over trends, findings and commons risks relating to information security and perform periodic exercises of benchmarking against peers
• Partner with internal peers to share best practices, trends and benchmarks

• Be the point of contact for Group and CIB IT Risk Management teams
• Define and speak through IT risk committees for Americas and attend CIB and Group committees

• Implement Group and CIB priorities and methodology with Americas for cyber and IT risk
• Promote usage of tools and best practices for IT Risk Management
• Ensure that IT risk and controls are identified and assessed for Americas

• Consolidate and analyze IT and Cyber risks for Americas entities, including Latin and South Americas subsidiaries
• Ensure Business and risk owners (CIO, CTO, …) approve risk acceptance for major risks
• Consolidate major risks, assess their impact and classify the risks
• Ensure definition of indicators, thresholds and objectives for IT and Cyber risks across Americas entities
• Follow control plans (through OPC) on each IT risk category within Americas
• Participate actively on writing up responses for regulators on IT and Cyber Risk topics

• Identify projects and remediation actions
• Follow progress of projects and remediation actions

• Provide regular reports on main information or alerts in Americas
• Inform on consolidated IT / IS Risk levels for Americas
• Provide his/her support (expertise, opinion) to Business and CIOs in the decision making process
• Have the Business and CIOs approve the most important milestones relating to IT Risk Management

• Ensure proper prioritization of security initiatives and spending across the Americas entities, including Production Security
• In alignment with Global Head of ITO CCCO and Americas CTO, coordinate the implementation of Information Security shared services
• Along with the Group CISO, define levels of service of cybersecurity given to non CIB entities in Americas
• Ensure periodical review of quality of services and seek to improve control effectiveness and efficiency across all Americas entities.

The expected starting salary range for this position in New Jersey is between $275,000 to $400,000 annually. The actual salary may vary based upon several factors including, but not limited to, relevant skills/experience, time in role, base salary of internal peers, prior performance, business line, and geographic/office location.

BNP Paribas is committed to providing a work environment that fosters diversity, inclusion, and equal employment opportunity without regard to race, color, gender, age, creed, sex, religion, national origin, disability (physical or mental), marital status, citizenship, ancestry, sexual orientation, gender identity and gender expression, or any other legally protected status.

About BNP Paribas:

BNP Paribas is a leading bank in Europe with an international reach across the US, EMEA and APAC. It has a presence in 65 countries, with nearly 190,000 employees. In the United States, BNP Paribas has built a strong and diversified presence to support its client base. We continue to grow and strengthen our commitment to the US market through our Corporate & Institutional Banking activities. We are one of a few non-US banks to offer a full value chain for our clients, from trading to financing, and clearing and custody in the US with the international footprint and capacity to deliver both globally and locally. Leveraging the strength of our European roots, our network can support clients in virtually every region of the world, enabling more connectivity and efficiency wherever our clients conduct business. We take pride in our expertise and our ability to adapt while constantly looking ahead to create a more sustainable world.

The bank employs nearly 6,000 people and has a presence in the country since the late 1800s in major cities including New York, Jersey City, Chesterbrook, PA, San Francisco, Boston, Chicago, Denver and Washington, DC.

As an international company with a global footprint, the unique cultures and viewpoints of our team members are an integral part of the fabric of BNP Paribas. We are a company with a purpose - to be a responsible and sustainable global leader. We aim to create an environment where our employees feel empowered to drive change, make an impact and be true to themselves. We employ talented individuals from a wide variety of backgrounds, locally and globally, and are inspired by our employees who help us in cultivating a diverse, equitable and inclusive workplace through initiatives such as our Diversity, Equity & Inclusion (DEI) Leadership Forum and Employee Resource Group (ERG) communities. We strive to be a workplace where all team members can grow and thrive and offer robust training, development and mentoring opportunities to make that vision a reality. Our leaders are deeply committed to DEI and highly accessible to our employees, consistently soliciting feedback on how we can continue to support our employees to reach their highest potential.

BNP Paribas. The Bank for a Changing World - https://usa.bnpparibas/en/homepage/join-us/our-opportunities/

Minimum Required Qualifications:

• 10 - 15 years of IT and/or security leadership in a complex global financial services organization, with extensive knowledge of US and European banking rules and regulators (Federal Reserve, New York State Department of Financial Services, European Banking Authority)
• Ability to assess and drive a comprehensive IT and cyber security risk management function that enables the Bank to identify, protect, detect, respond and recover from potential threats
• Must have a Bachelor's degree in Business, security systems, information technology management, or related discipline;
• Proponent of continuous improvement processes and the ability to challenge the status quo and serving as a change agent
• Strategic leader who can drive a vision while maintaining an execution-oriented for driving results
• Strong team management and development skills, with the ability to coach a team
• Business-focused executive, with financial acumen; ability to articulate cost-benefit analyses, manage budgets, and bring a business perspective to the IT and cyber risk function
• Articulate with the board, local and Global executive management, communicating a vision and reporting on the progress of security initiatives
• Ability to take initiative and make decisions under pressure, inspiring team members to challenge the status quo to improve processes
• Relationship builder who can partner with local and Global stakeholders and regulators to drive appropriate governance, risk, and compliance frameworks and programs
• Strong project management skills and the ability to coordinate, prioritize, and execute remediation initiatives, as required
• Strong influencing skills to get things done; s/he must have a collaborative approach with the ability to partner with cross-functional business leaders across the global enterprise

Preferred Qualifications:

• Knowledge of BNP Paribas organization is a plus
• Masters' Degree in Business or Technology is a plus
• French speaking is a plus

FINRA Registrations Required:

• Not Applicable

CFTC Swap Dealer Associated Person (if yes, NFA Swaps Proficiency Program is required):

• Not Applicable

SEC Security-Based Swap Dealer Associated Person:

• Not Applicable

BNP Paribas is committed to providing a work environment that fosters diversity, inclusion, and equal employment opportunity without regard to race, color, gender, age, creed, sex, religion, national origin, disability (physical or mental), marital status, citizenship, ancestry, sexual orientation, gender identity and gender expression, or any other legally protected status.

Primary Location

Job Type

Job

Schedule