Risk Officer for Shadow IT en Inetum

Inetum is a European leader in digital services. Inetum’s team of 28,000 consultants and specialists strive every day to make a digital impact for businesses, public sector entities and society. Inetum’s solutions aim at contributing to its clients’ performance and innovation as well as the common good.

Present in 19 countries with a dense network of sites, Inetum partners with major software publishers to meet the challenges of digital transformation with proximity and flexibility.

Driven by its ambition for growth and scale, Inetum generated sales of 2.5 billion euros in 2023.

Job Description:

 Shadow IT (eg. IT outside the IT governance) is a risk for any organization and even worse for regulated companies like banks. The role for BNP Paribas CIB EMEA Risk officer for Shadow IT is to ensure this risk is properly managed, contributing for Governance, Risk and Compliance Frameworks, within BNPP CIB EMEA.

To do so, there is a need to manage a global inventory referencing all shadow IT usage with their resulting IT risks and for this portfolio the shadow IT risk officer is in charge of liaising with business teams to identify new or evolving Shadow IT situations, challenge content declared, data completeness and consistency but also provide support and coordination during assessment and validation. Finally, he/she will ensure follow-up of related KPI and KRI to be able to perform the reporting about these risks to the top management.

Main Tasks:

• Management of the Risk Register:
  • Update regularly IT risks criteria over time (risk category, owner, impact…)
  • Initiate & support the annual review of all IT risks in the Risk Register                                           
• Support risk assessment:
  • Organize with relevant stakeholders the assessment/analysis about identified IT risks (e.g.: impact, mitigation…)
  • Organize the validation of IT risks assessment
  • Organize the compliance with the BNPP Risk Management process
  • Collect new risk cards and challenge them with relevant stakeholders (e.g.: mitigation suggested)
• Reporting:
  • Gather feedback regarding formalization of risk cards & ongoing mitigation measures from risk owners
  • Follow KPI defined in risk cards (mitigation, impact…)
  • Perform a reporting about risks and risks mitigation to the top management, raise alerts if needed
  • Participate to the Business Line Risk committee to share inputs about risks (risks stored in Risk Register, level of risks, impact…)                                                   

• Proven experience in IT Risk Managent Methodologies, and knowledge in the following steps under IT Risk plan/ framework:
  • Risk monitoring (knowledge in risk management: ability to identify, alert and suggest remediation)
  • Risk analysis (ability to anticipate/analyze threats and create risk scenario) and - Risk opinion (ability to challenge, approve and decide (new activities, projects…)                                                      
• IT general knowledge (global knowledge of IT, its major processes and assets & solutions) and Cybersecurity (general knowledge in cybersecurity risks, frameworks, and requirements)                     GRC (Governance, Risk and compliance) for IT                                               
• Regulatory (general knowledge in IT and cybersecurity regulators framework) and Compliance (global knowledge of compliance, its major processes or regulatory framework)                                               
• Shadow IT ( (eg. IT assets outside the IT governance) Management
• Organizational skills:                                   
• Ability to collaborate / teamwork                                        
• Decision making                                          
• Analytical ability/ Critical thinking / Attention to detail & Rigor                                
• Autonomy       
• Fluent in English
• French is a plus