Job Description
Summary
Position based in New York, within the Risk Division, to assist the CUSO Head of IT and Cyber Risk Management. The primary mission of the team is to reinforce the local implementation of Credit Agricole SA Group Operational Risk monitoring standards while ensuring U.S. specificities and requirements are properly taken into account. The team will be more specifically in charge of:
– Assisting the CUSO Head of IT and Cyber Risk Management to oversee the IT and Cyber risks of the Combined US Operations
– Working closely with the 1st Line of Defense (LOD) to create a well-managed environment
Responsibilities
Following the implementation of the Enhanced Prudential Standards, a FED regulation, a comprehensive risk framework has been developed to have a transverse and holistic view and monitoring of the risks of all activities of Credit Agricole in the United States (U.S.). Credit Agricole activities in the U.S. mainly consist of Credit Agricole CIB New York (CACIB NY), and Amundi U.S.
As a member of CUSO IT and Cyber Risk Management:
Oversight Duties
– Drive adherence with regulatory requirements and frameworks, such as: FRBNY regulatory guidance, FFIEC booklets, and NYDFS NYCRR 500
– Define, develop, and manage an assessment program conducting assessments against industry standards, such as: NIST CSF, NIST 800-53, FFIEC Cybersecurity Assessment Tool (CAT), and Data Management Maturity Model (DMM)
– Define, develop, and manage a testing program designed to oversee the design and effectiveness of IT and cyber controls
– Oversee implementation of risk management frameworks related to IT security and IT Risk in the first LOD
– Provide effective challenge to IT and Cyber security assessments executed in the 1st LOD
– Engage in policy creation or enhancement focused on data management, data classification, enterprise data loss prevention, cloud data loss / cloud access security, data privacy
– Engage in the incident management process. Work with the 1st LOD to improve the control environment
– Help define appropriate risk appetite limits associated with the technology environment, then help develop and oversee monitoring of appropriate KRIs across the technology environment
– Oversee the framework for business continuity and disaster recovery. Participate where necessary in planning and/or test exercises.
Regulatory
– Understand the changing regulatory landscape and evaluate impact of changes on Credit Agricole’s (CA) technology environment
– Support regulatory exams by interfacing with regulators
– Lead the process for Enterprise Risk Assessment for IT and InfoSec
Reporting
– Provide technology-based risk requirements/issues in non-technical terms to Sr. Management
– Oversee aggregated reporting of IT risks and issues
– Communicate information across various committees and working groups
Salary Range: $150k-$200k