Crédit Agricole CIB job search engine

Head of Risk Management & Control – CACIB U.S.

Vacancy details

General information


About Crédit Agricole Corporate and Investment Bank (Crédit Agricole CIB)

Crédit Agricole CIB is the corporate and investment banking arm of Credit Agricole Group, the 12th largest banking group worldwide in terms of tier 1 capital (The Banker, July 2021). Nearly 8,600 employees across Europe, the Americas, Asia-Pacific, the Middle East and Africa support the Bank's clients, meeting their financial needs throughout the world. Crédit Agricole CIB offers its large corporate and institutional clients a range of products and services in capital markets activities, investment banking, structured finance, commercial banking and international trade. The Bank is a pioneer in the area of climate finance, and is currently a market leader in this segment with a complete offer for all its clients.

For more information, please visit




Update date


Job description

Business type

Types of Jobs - Information systems / IT Project management

Job title

Head of Risk Management & Control – CACIB U.S.

Contract type

Permanent Contract

Job summary


The Head of U.S. RMC reports locally to the U.S. COO and functionally to the Global Head of OPC/RMC.  RMC is comprised of three separate but related functions: 

Information Systems Security (ISS)

The Head of U.S. RMC serves as the CACIB U.S. Chief Information Security Officer (CISO) and as such is directly responsible for all Information Security functions in the U.S.   The U.S. CISO ensures that CACIB U.S. adheres to the Head Office policies, procedures, standards and directives and to all U.S. Regulatory requirements.   The U.S. CISO has a coordinating role for IT Security generally within the CACIB Americas region, but does not have the full scope of CISO responsibilities described for the U.S.   The U.S. CISO owns the CACIB U.S. Information Security program and is responsible for its evolution in line with threats, risks and Regulatory requirements.  The U.S. CISO is responsible for the execution and reporting of all components within the U.S. Information Security Program. This includes, but is not limited to, responsibility for ensuring the confidentiality, integrity, and availability of information assets by identifying and assessing risks, identifying threats and vulnerabilities, and implementing appropriate controls to adequately mitigate risks.

Business Continuity Planning (BCP)

The Head of RMC also oversees the BCP function for the U.S. However, unlike the ISS role, which is a direct management role, this is an oversight and coordination role: a Head of U.S. BCP, who reports directly to the Head of U.S. RMC, is directly responsible for the BCP function.

Controls, Incidents & Audits (CIA):

This is a new transverse function spanning the entire IT and Operations Services (IOS) perimeter. It is responsible for the management of operational incidents, the implementation of controls and the management of audits, including audit point follow-up.

Key Responsibilities

•Full scope of U.S. CISO function as described in U.S. Regulatory frameworks and guidelines.

•Provide a written report on the overall status of the information security and business continuity programs to the board or an appropriate board committee at least annually and secure approval. Major domains are:

o Cyber Risk Management and Oversight

o Threat Intelligence and Collaboration

o Cyber Security Controls

o External Dependency Management

o Cyber Incident Management and Resilience

•Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.

•Management of the budgeting process including information security related expenses and tools.

•Conduct security assessments and develop a road map. Define current state, future state and transition plans.

•Ensure compliance with legal and regulatory requirements related to cyber security.


Position location

Geographical area

America, United States Of America



Candidate criteria

Minimal education level

Bachelor Degree / BSc Degree or equivalent

Academic qualification / Speciality

•Ensure that CACIB NY has an information security and cyber security strategy that integrates technology, policies, procedures, and training to mitigate risk. Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.

•Ensure that CACIB NY has policies to manage the risk associated with external dependencies and third-party management.

Level of minimal experience

11 years and more


•Ensure that organizational assets (e.g., hardware, systems, data, and applications) are prioritized for protection based on the data classification and business value.

•Support the Continuous Monitoring Framework by effectively reporting the Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) on a periodic basis, and incorporating them into the information security dashboard via the control plan.

•Security status reporting, including KRIs and KPIs, to the CACIB Security Committees.

•Establish and oversee monitoring of applications, systems and networks to ensure compliance with CACIB security policies.

•Lead or commission suitable information security awareness, training and educational activities.

•Threat risk assessment, management and monitoring.

•Manage U.S. BCP program and ensure compliance with U.S. Regulatory requirements.

•Establish and manage the CIA function in line with governance and operational principles defined by Head Office.

Management and Reporting:

•Reports locally to the CACIB U.S. Chief Operating Officer (COO) and functionally to the Global Head of RMC, with reporting/coordination to the Global Heads of ISS, BCP and CIA  

•Manages U.S. IT Security (ISS) team and U.S. BCP team  

Key Internal contacts:
•All CACIB GIT/SIT/ISS groups in Americas, Paris and CAGIP
•CACIB U.S. and Regional Senior Management including Management Committee members

Required skills

•Members of the CACIB NY Security Committees, which include the heads of all CACIB U.S. Support Functions (Legal, Compliance, HR, etc.)

Key External contact:

•Regulators, primarily but not exclusively the Federal Reserve and NYS DFS

•IT Security Consulting firms as required for specific engagements

•External Auditors (Ernst & Young, etc.)

Industry Associations:

•Peers at other U.S. and Foreign Banking Institutions


•BS in Information Technology or Computer Science


•10+ years in IT Security

•10+ years in IS Security technical project &

•Risk Assessment

•Security Framework – NIST, ISO

•Windows & Unix operating systems

•Application and Host Security

•Interaction with IT Teams and Business Users

•Understanding of IT Security Controls and Alert/Monitoring

•Active Directory User and Computer management

•UNIX access Management

•VMS access management

•Exchange Access Management

•RSA Access Management

•Experience in management of access in business application

•Knowledge of Access Provisioning Systems (i.e. GRANT)

•Entitlement Review Process

•Understanding of staff movement process and related security tasks

Technical skills required


•Advanced studies in information security and/or Masters in information security

•IT functions

•Corporate and Investment Bank


•SANS Security Training or similar


•Basic knowledge of PowerShell

•S400 access management

•Knowledge of Monitoring, Log, and Alert systems

•Knowledge of Administrative functions of various Infrastructure Tools