Vice President – Operational Risk Officer – Technology Expertise
Reference: 48315370
- Permanent
- IN-Karnataka-Bangalore
- RISK
About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24×7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.
About BNP Paribas Group:
BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group’s performance and stability.
Commitment to Diversity and Inclusion
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.
About Business line/Function:
RISK Operational Risk Management (RISK ORM) CIB belongs to the second line of defence of BNP Paribas Corporate and Institutional Bank (CIB). RISK ORM CIB belongs to the Risk Function (RISK) of BNP Paribas and is placed under the responsibility of the Chief Operational Risk Officer (CORO) for CIB.
The department has responsibility for independently challenging and supervising the Operational Risk management of CIB activities (Global Banking, Global Markets, Securities Services, Operations and Functions) on a worldwide scope. In the territories in which CIB operates, it is also responsible for covering the Assets Liability Management and Treasury (ALM-T) operations. All of the above is achieved through framing operational risk methodology for CIB and disseminating a risk management culture across CIB; assessing the adequacy of the CIB operational risk management set-up; controlling the effectiveness of the CIB control environment; contributing to the detection, anticipation and response to risks; alerting CIB and RISK stakeholders on any significant risk issue; and providing a consolidated view of the CIB operational risk profile.
As the second line of defence for Information and Communications Technology (ICT) risks, RISK ORM has the responsibility for oversight and supervision of ICT risks for CIB: ensuring and opining that appropriate ICT risk management efforts are underway, raising alerts in case of issues affecting the stability of the Bank, and influencing business, functions, and technology partners to take sound risk management decisions.
Job Title:
Vice President – Operational Risk Officer – Technology Expertise
Date:
October 24
Department:
RISK CIB – RISK ORM CIB – Centre of Excellence
Location:
India
Business Line / Function:
RISK
Reports to:
(Direct)
Grade:
(if applicable)
(Functional)
Number of Direct Reports:
Directorship / Registration:
NA
Position Purpose
• Purpose: The ICT risks including, but not limited to, Information Security, ICT Availability and Continuity risks, ICT Change risks, ICT asset management, ICT resilience and ICT outsourcing are a key topic for losses, reputational impact, and systemic operational risk for financial services. This role exists to support the supervision and oversight of the management of such risks. Specifically, the role will be involved in independent control through Level 2 Controls and quality review of the ICT incidents.
• Scope: ICT supporting the CIB businesses and operations
Responsibilities
The candidate will be responsible for operating independently and supporting the RISK ORM CIB Technology and Transversal Risks team in its mission of ensuring the correct implementation of the BNP Paribas permanent control framework.
Such support activity by this role includes –
1. Following-up on the exceptions to the global normative framework for ICT risk management, including following-up on exceptions to any ICT procedures and any ICT Risk acceptance or mitigation on the normative framework (controls, procedures and other IT activities).
2. Supporting the control on ICT outsourcing risk management through opining on the risk assessments of ICT arrangements, their exit strategies, any notifications to authorities and ensuring data collection and inventory of data pertaining to the specific arrangement in CIB and Group inventories.
3. Performance of second level of controls (L2Cs) and other analyses aiming to ensure the appropriate design and effectiveness of the ICT control framework implemented by 1LoD, identification of areas for improvement and any recommendations for improvement.
4. Following up on the actions raised by RISK ORM CIB teams for ICT, recommendations from internal audit (Inspection General) and any other supervisory and regulatory bodies.
5. Checking, challenging and quality reviewing the ICT incident collection, reporting and management processes and their follow-through during such incidents.
6. Checking and challenging the ICT indicators related to risk appetite of CIB and entities.
7. Support on the opinion provided on change-the-bank (CTB) activities for ICT such as ITVCs, Proof of Concepts, Artificial Intelligence (AI) and Digital Assets projects and CSSI committees.
8. Production of reports, meeting decks and other deliverables in relation to the above points.
Assistance in promoting and driving awareness of ICT risks; assistance in organising risk meetings, forums and committees with community members across CIB.
Contributing Responsibilities
The successful candidate will have exposure to operating in risk management programs in global organizations, with robust knowledge of technology, risks, architectures, and related tools. Prior ICT continuity or ICT risk management experience (ICT, Cyber, resilience etc.) and exposure to the Financial Services industry is a must. Experience with Governance, Risk and Compliance (GRC) tools and other risk management information systems is preferred.
The individual will assist in the preparation of, and contribute to the development of, independent testing controls and support the wider RISK ORM community globally in defining better maturity models for independent testing. Excellent presentation skills are necessary. Experience interacting with regulatory agencies is a plus.
Technical & Behavioral Competencies
- Good knowledge of Business Continuity, ICT Continuity and Audit methodology and concepts.
- Understanding of the banking industry’s regulatory requirements on ICT (e.g., NIST Cyber Security Framework, ISO27001, EBA Guidelines on ICT and security risk management etc.)
- Ability to articulate risk management concepts in business language
- Excellent written and verbal communication skills
- Proficient with Microsoft Office Suite
- Prior experience documenting tool requirements to support risk management
- Ability to travel to vendor sites and perform assessments as necessary
- Proven ability to manage issues through to resolution; skilled at making judgment calls.
- Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times
- Industry certifications (e.g. CISA, CISM, CRISC) or willingness to obtain the same
- Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework.
- Multilingual capability (English and French) is preferred
Conduct:
- Be a role model, supporting and fostering a culture of good conduct.
- Demonstrate proactivity, transparency, and accountability for identifying and managing conduct risks.
- Consider the implications of your actions on colleagues, partners, and clients before making decisions, and escalate issues to your manager when unsure.
Specific Qualifications (if required)
Specific requirements:
- Suitable experience (5+ preferred) in ICT audit, ICT risk management or ICT continuity.
- Bachelor’s degree in Information Technology, Information Security, Business or Risk Management (or equivalent professional qualification).
- Team player – focus on the success of the whole team. Working well both with others, as well as individually.
- Excellent stakeholder management skills.
- Experience in a 2LoD, Risk function, operations or an ICT Audit role.
- Good listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly.
- Ability to co-operate and work well with others adopting an approachable style
- Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits.
- Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
- Adapting personal approach to suit situations, individuals, groups and cultures.
- Taking accountability for their actions, being open and honest when things have gone wrong, and celebrating successes when things have gone well.
- Being rigorous and thorough – especially when logging and tracking issues through to conclusion.
- Ability to manage their workload so as to meet the realistic targets and priorities set in conjunction with management.
- Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
- Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate.
Skills Referential
Behavioural Skills: (Please select up to 4 skills)
Ability to collaborate / Teamwork
Organizational skills
Client focused
Ability to deliver / Results driven
Transversal Skills: (Please select up to 5 skills)
Ability to understand, explain and support change
Analytical Ability
Ability to manage a project
Ability to develop and adapt a process
Ability to inspire others & generate people’s commitment
Other/Specific Qualifications (if required)
– Enable teamwork by empowering and managing people to fulfil the RISK Hub’s strategic objectives and any specific objectives on ICT risk management.
– Be the single point of contact for this specific team for CIB activities.
– Provide a conducive work environment for a healthy working atmosphere in a competitive environment.
– Upskilling team members on the basis of the skill matrix and PDP follow-through.
– Promote training awareness, recognize team members, value their contribution and provide opportunities for growth and mobility.
– Deal fairly with staff members on day-to-day business deliverables and ensure administrative aspects including attendance, training and continuous feedback are totally intact.