GROUP BNP PARIBASBNP Paribas Group is the top bank in the European Union and a major international banking establishment. It has close to 185,000 employees in 65 countries. In Spain we are more than 5,100 employees within 13 business lines.ARVALAt Arval, our mission is to improve peoples lives by offering mobility services tailored to the needs of our customers, with a clear focus on sustainability mobility. We offer a wide range of innovative solutions and provide a personalized service to our customers, from large corporations to private individuals. With more than 30 years of experience, a presence in thirty countries and a financed fleet of more than 1.5 million vehicles, we are leaders in our sector. Our new strategic plan Arval Beyond prepares us to offer our customers the best sustainable mobility adapted to their needs.ABOUT THE JOBMISSIONContributing to the deployment of the operational risk management system of Arval Latam entities.Within the framework of the associated governance, contributing to building a vision of the operational risk profile, including technological risks, for the attention of the CRO and CEO of the Business, and the Head of ORO of the perimeter concerned.RESPONSIBILITIESHelps to drive change by participating in the implementation of major transformation programmes, in particular when they are linked to a recommendation from the Supervisor or to compliance with a regulatory provision (e.g. project to monitor the execution and results of controls, Third Party Risk Management, operational resilience, Cyber fraud programme, Cyber programme, Data Leakage Protection Programme). Ensures that regulations, standards, guidelines and methodologies relating to operational risk are understood and implemented over time within Arval Latam perimeter (e.g. Risk and Control Self Assessment (RCSA), check & challenge incidents, etc.)Performs second-level checks.Conducts independent analyses.Anchors the use of the Group's operational risk management tools and associated reporting systemsImplements the operational risk decisions taken by the Head of OROs or CRO of the perimeter concerned, the Head of OROs of the Sector concerned and the Head of RISK ORM Network.Ensures that information is fed back and passed on in line with the issues at stake.Takes part in crisis management following an operational incident.Within the framework of associated governance (e.g. Internal Control Committee attended by the CEO of the perimeter concerned, quarterly monitoring committee attended by the CRO of the perimeter concerned), contributes to drawing up an overview of the operational risk profile of the Arval Latam entities concerned, including technological risks, for the attention of the CRO and CEO, the Head of OROs, and the Head of RISK ORM NetworkOn the basis of second-level controls and independent analyses carried out by the second line of defence, assesses the robustness of the system put in place by the first line of defence (organisation, procedural corpus, identification of processes and associated risks, robustness of the control framework put in place, management of incidents, permanent control actions, recommendations from the Inspectorate General, handling of exemptions, etc.), which may lead to permanent control actions where appropriate.Provides qualitative and quantitative monitoring of historical incidents, including analysis of the most significant incidents and supervision of the associated action plans, concerning the following risks:- Fraud, including cyber fraud- Safety of people and property- Deterioration of assets Outsourcing- Business continuity- Technological risks Personal data protection- Runtime errors - Monitors the quality of external events that may have an impact on the risk profile of the business area/unit/scope concerned- Manages the quantitative and qualitative remediation of the Inspectorate General's recommendations in the area concernedContributes to the OR&C Report for the perimeter concerned.
Helps strengthen the second line of defence against technological risks, given the growing role of technology in the Group's operational processes, and the need to ensure that technological risks, as operational risks, are effectively covered .Identifying critical third parties and assessing the technological risks associated with their services, as well as the impact of these risks on the business area/unit/perimeter processes.REQUIREMENTS