Cyber Security Assessment Officer

September 19, 2023



  • Standard / Permanent
  • CA-QC-Montréal

In a changing world, unprecedented challenges require unmatched talent. Join one of Montreal’s Top Employers in 2023. We are a dynamic and growing organization having its main establishment located in downtown Montreal and part of a leading international banking institution fully committed to building a more sustainable future. Note that the position may be in the Canadian Branch of BNP Paribas or in one of its subsidiaries based in Montreal.

The position at a glance

 The Cyber Security Assessment Officer will ensure key Information Security activities align to Corporate and Regulatory requirements. They will map and track existing processes/workflows against these requirements and, working with other SMEs around the bank, identify when changes and/or updates are required.

When required, they will lead the effort to create new processes, identify gaps/areas of improvement between the new and existing programs and then, working with the team heads, develop and track progress against a project plan for implementation of the changes.

In detail

  • Ensure alignment with Corporate (CIB, Group) and Regulatory (NY DFS, FFIEC, GLBA, GDPR, PIPEDA, etc.) requirements for the management of the Information Security program.
  • Analyze control frameworks (NIST, ISO, COSO) and map them to existing Information Security workflows and processes, identifying gaps and improvements to Cybersecurity controls deployed within the Americas Region.
  • Maintain the programs that Application Security and Third Party Security leverage to assess targets (applications/third parties), with mappings to Corporate and Regulatory requirements.
  • Coordinate with external teams (outside Information Security) to review companywide risk control testing results and update the Application Security and Third Party Security programs with areas of improvement.
  • Contribute to Audit campaigns (internal/external), evidence collection/review and attestation exercises when required.
  • Identify and report/escalate potential areas of improvement.
  • Follow up on corrective action plans and remediation engagements, and review policies/procedures, controls and testing evidence.
  • Perform or assist Management on Security reviews and assessments supporting Business requirements.

The strengths and skills that will help you succeed

Candidates will be measured on the following four performance drivers, which will dictate how individual impact is considered on the Americas platform:

Results and Impact

  • Impacts division and influences peers and team
  • Demonstrates good judgement when making decisions of high complexity and impact
  • Relies on limited guidance for most complex decision making
  • Is responsible for driving outcomes which have meaningful effect on team or department

Leadership and Collaboration

  • Creates trust with department leaders
  • Acts in leadership capacity for large projects, processes, or programs for a team

Client, Customer and Stakeholder Focus

  • Able to build relationships with a mix of intermediate and senior colleagues or clients
  • Interacts regularly with management and department leaders
  • Demonstrates the ability to persuade and influence stakeholders at the team level

Compliance Culture and Conduct

  • Takes full responsibility for personal actions and demonstrates courage in facing problems and conflicts
  • Perceived as a person of high moral character; upholds corporate values and displays high ethical standards

Minimum Required Qualifications:

  • Bachelor of Computer Science degree from an accredited college or university, or equivalent degree/work experience.
  • Minimum 5 years professional work experience, including a minimum of 3 years in an Information Security, IT Governance, IT Audit or Risk Management role.
  • Knowledge of Information Security functions (e.g. application security, 3rd party security, data loss prevention and detection, vulnerability management, identity and access management, incident response management, and network architecture).
  • Experience with and thorough understanding of the Risk Management Framework (NIST RMF) lifecycle, including a working knowledge of each of the stages within the process.
  • Knowledge of Information Security frameworks and regulations such as NY DFS, FRB, FFIEC, NIST Cybersecurity Framework, SANS Critical Security Controls, OWASP Top 10 and other Information Security frameworks and regulations applicable to the Americas.
  • Strong analytical, verbal and written communication skills (briefing up to C-level).
  • Ability to adapt to changing priorities, handle multiple assignments, and adhere to strict deadlines.
  • Proficiency in organizational and documentation skills, strong coordination with several different teams.
  • Good communicator with demonstrated ability to convey key messages in a clear and concise manner.
  • Proficiency in using Microsoft PowerPoint, Excel, and other Microsoft Office tools.
  • Knowledge of English is required

Preferred Qualifications:

  • Master’s degree in Information Technology, Cyber Security or Computer Science.
  • Information Security certifications: CISSP, CISA, CRISC.
  • Experience working with documents such as System Security Plan (SSP), Security Assessment Report (SAR), Contingency Planning, Incident Response Plan, Plans of Actions and Milestones (POA&Ms)
  • Experience in program and project management
  • Speaking French/Portuguese/Spanish is a plus.

FINRA Registrations Required:

  • Not Applicable

CFTC Swap Dealer Associated Person (if yes, NFA Swaps Proficiency Program is required):

  • Not Applicable

SEC Security-Based Swap Dealer Associated Person:

  • Not Applicable

What’s in it for you

In addition to competitive compensation, we offer flexible benefits including a family and spouse insurance program, a defined contribution pension plan and paid days for volunteering. Hybrid work arrangements, such as remote working up to 50% and flexible working hours are available for most positions. BNP Paribas provides excellent training and personal development programs, as well as opportunities for career development within the company and internationally.


What you need to know

  • We will review candidates as they apply, so don’t wait to submit your application; 
  • If you are selected to participate in the recruitment process, please inform Human Resources of any accommodations you may require. BNP Paribas will work with you to ensure that you are able to participate fully in the process;
  • You must be legally eligible to work in the Greater Montreal area and, if applicable, hold a valid work or study permit. Physical presence in BNP Paribas’ office(s) is an essential function of this position; 
  • Given the vast majority of our clients, both internal and external, are based outside of Quebec and Canada, specific language requirements may apply. These will be clearly mentioned in the qualifications of the position.

Diversity, Equity and Inclusion (DE&I) at the heart of our commitments

At BNP Paribas all employees are on an equal footing allowing us to create a work environment that values and respects people for their talents, skills and competences.

BNP Paribas recruits, employs, trains, compensates and promotes regardless of race, religion, colour, national origin, sex, disability, age, and other protected status (Employment Equity Act and Canadian Human Rights Act).


About us

BNP Paribas is the top bank in the European Union and a major international banking establishment. Present in 65 countries, with more than 190,000 employees, the bank holds key positions in several areas of banking and financial services.

BNP Paribas’ mission is to contribute to a responsible and sustainable economy by financing and advising its clients according to the highest ethical standards, while striving to respond to essential concerns in terms of the environment, regional development and social inclusion.

Since 1961, BNP Paribas has supported large Canadian companies and institutions in their business development by offering a full range of specialized financial services and investment products.

With over 1,200 employees, BNP Paribas in Canada continues to attract experts from diverse fields as well as ambitious young talent from around the world. We are proud to offer our employees a rewarding and international workplace where they can build their professional careers by honing their skills, meeting challenges and enriching their knowledge of the financial industry.

Our certifications and partnerships

  • Montreal Top Employer 2023
  • Canada’s Best Diversity Employer 2023
  • Women in Governance – Parity certified – Gold certification
  • CCDI Consulting Inc. (Canadian Center for Diversity and Inclusion)
  • Pride at Work Canada
  • Rainbow Accreditation issued by Canada’s LGBT+ Chamber of Commerce (CGLCC)
  • ROSEPH – Grouping of specialized organizations for the employment of persons with disabilities
  • IndigenousWorks
  • Part of Les Affaires top 300 companies in Quebec


** Only selected applications that meet the requirements of the role will be contacted **
