IT RISK Senior Assessor – Payment Systems

February 15, 2024


  • Standard / Permanent
  • ES-MD-Madrid

BNP Paribas is an international bank with leading positions in the European market. It is present in 74 countries and employs more than 192,000 people, 146,000 of whom are in Europe. The Group holds key positions in its three main areas of activity: Domestic Markets and International Financial Services (whose retail banking and financial services network is part of Retail Banking & Services), as well as Corporate & Institutional Banking, which offers services to corporate and institutional clients. The Group supports its customers (individuals, entrepreneurs, SMEs, large companies and institutions) to help them carry out their projects by providing financing, investment, savings and insurance services.

In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is number one in retail financing in Europe.

BNP Paribas is developing its integrated retail banking model in the Mediterranean countries, Turkey, Eastern Europe and has an important network on the US West Coast. In both its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas has leading positions in Europe, a strong presence in the Americas and a solid and growing network in the Asia-Pacific region.

At BNP Paribas Group, we work continuously on behalf of our clients, helping them to realize their projects around the world. You can be an important part of this, helping us to serve our clients both in mature and emerging markets, providing them with financial solutions across a diverse range of expertise, products and services.

Strong risk management, combined with the stability that comes from being part of one of the largest banking groups in the world, underpins our success. Joining us, you’ll become an integral part of a dynamic team that spans nationalities, cultures and backgrounds, drawing together people from around the globe and reflecting our commitment to international placements.


At the Group level, RISK ORM oversees support to BNP Paribas Entities and Group Functions through RISK procedures and the RISK ORM ICT (Operational Risk Management for Information and Communications Technology) organizational framework and governance for operational risk management and a permanent control framework.

The Payment Systems Risk and Testing team is part of the RISK ORM Cyber and Payment Systems Risk Technical Test & Automation Centre. The team’s mission is to assess the design and effectiveness of ICT controls implemented in key Payment Systems across all entities in the Group to mitigate ICT risks, and to present a consolidated end-to-end risk view based on the output of its independent technical testing. As trusted partners, the team helps the business sustainably enhance its ICT control environment and strengthen its overall security posture by issuing permanent control actions based on the root cause of the findings identified and by validating remediation of such permanent control actions.


Integrated in the Global RISK ORM ICT Iberian CoE, the overall purpose of this position, as part of the RISK ORM Payment Systems Risk and Testing team, is to ensure the continued development and implementation of the group-wide Payment Systems Technical Testing program, by leading and executing ICT risk assessments of Payment Systems across the group in accordance with the Group Risk ORM standards and policies.

In addition, this role will also be responsible for delivering the Operational Risk Officer (ORO) oversight activities per the operational risk management framework (ORMF) in IT departments supporting critical payment processing systems. Furthermore, this role entails representing the team in Risk Management governance committees (conducted in French/English); influencing the ICT risk culture by driving the agenda and reporting the risk status to the senior management through working in collaboration with other Stakeholders from the business and RISK ORM teams.


  • Lead independent testing mission engagements with accountability and responsibility to ensure that the engagement team delivers the missions within agreed timelines adhering to RISK ORM framework and high-quality standards.
  • Ensure that identification and assessment of operational risks are effective across the organization by correlating inputs from Independent Testing, Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk & Control Self Assessments, Business Process Reviews, KPIs & KRIs and Scenario Analysis.
  • Accountable for providing excellence within Payment Systems Risk domain and serving as an advisor to business managers, identifying, analysing, categorizing, and prioritizing the risks affecting BNPP.
  • Improve the effectiveness of the ICT Control Framework for Payment Systems by regularly assessing the control environment, risk assessment process, control activities, and monitoring activities in accordance with the Group Risk ORM standards and policies.
  • Monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanism to senior management and business stakeholders, including through risk management governance committees.
  • Contribute to the implementation and enhancement of BNPP operational permanent control framework.
  • Provide a fair check and challenge to the LoD1 on Payments related Regulatory Attestation Exercises (e.g. CHAPS, TARGET2 and PSD2)
  • Provide Payments Systems risk management consulting to the business, technical and operations groups.



  • Master's degree or equivalent in ICT domains.
  • Professional qualification and expert knowledge in a specific Risk specialism and how that fits within the broader organization as well as more deeply within the Risk function.
  • Industry recognised ICT Risk Management Qualifications such as CISA, CRISC, CISSP etc.
  • Degree-level qualification in a STEM subject will be advantageous.


  • 10 & 12 years of experience in IT audit / ITGC controls testing / technical assessments, preferably in the areas of Payments Technology or Cyber domains within a financial institution.
  • Good working knowledge of best practices in risk management processes within the Banking sector.
  • Ability to lead risk assessments.
  • Good working knowledge of concepts related to Payment and Information Security, including emerging threats and attack methodologies, is highly desirable, at least in most of the below areas:
  • Payment Flows/Chains
  • SWIFT Systems
  • Good technical understanding of security technologies, including intrusion detection/prevention, correlation of events, firewall, antivirus, anti-spam, policy tightening, patch management and configuration management, audit, security development technique, etc.
  • Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI).
  • Knowledge of IT Risk Management


  • English: Fluent
  • French: Intermediate


  • Role model, promotion of a culture of good conduct and contribution to maintaining such a culture
  • Excellent analytical skills with the ability to translate technical concepts and provide specialist guidance and advice to others.
  • Demonstrated ability to communicate effectively and to present in a structured approach in English.
  • Strong people management skills and an ability to work with individuals to set individual objectives and manage performance to ensure their delivery.
  • Proven commercial and communication / relationship management skills.
  • Prepared to travel internationally
  • Personal Impact/ Ability to influence
  • Analytical Ability
  • Communication skills


  • Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
  • Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
  • Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
  • Flexible compensation plan
  • Hybrid telecommuting model (50%)
  • 31 vacation days

Diversity and Inclusion commitment

BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.
