About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

About BNP Paribas Group:

BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance.

In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific.
BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business line/Function:

The Information and Communications Technology (ICT) Risk department is part of the Group Risk Functions within BNP Paribas. It is a part of the 2nd line of defense under the Bank’s Chief Cyber & Technology Risk Officer. Among others, the department is responsible for the identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions.

Position Purpose

The role holder will be part of a small team responsible for the implementation, management and innovation of 2nd line of defense risk management within the Information and Communication Technology (ICT) space, focusing on Operational Resilience at the Group. Responsibilities will include second line of defense oversight for Operational Resilience Domains such as Business Continuity/DR, IT Resilience, Cyber Resilience (including Cyber Fraud), Third Party Resilience and Crisis Management.
The role holder will work with colleagues in Group RISK ORM Operational Resilience team, in support of and in close co-operation with RISK ORM ICT in Regions, as well as 1st line of defense ICT, business and offshoring teams and stakeholders. The candidate shall be an all-round specialist in Information and Communication Technologies, which include IT Processes (Architecture, Network, Systems, Application), Governance, Cyber Security and Operational Resilience related subjects.

The candidate shall play a leading role in the successful completion of assigned assessments from start to finish and shall be competent to strengthen team spirit, improve team skills on different ICT subjects and ensure the quality, relevance and traceability of all identified gaps. As a subject matter expert on ICT, the successful candidate shall stimulate and bring knowledge and innovation to the RISK ORM ICT Operational Resilience, in support of RISK ORM ICT Regional teams, helping to elevate the knowledge base and skills of the team.
Responsibilities

Governance & Oversight
· Provide IT & Cyber risk management (especially related to Operational Resilience) consulting to the business, technical and operations groups
· Provide direction, support and oversight with respect to management of security and technology risks of core systems and applications, and its resiliency
· Drive effective implementation and communication of Operational Risk Management (especially Operational Resilience related) policies and guidelines

Risk management environment
· Identification & Assessment: Ensure that the identification and assessment of operational risks are effectively done across the organisation by correlating input from Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, Quantified Measurement & Comparative Analysis
· Monitoring & Reporting: Implement a process to regularly monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines. Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices.
· Control & Mitigation: Improve the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Assess operational risk response strategies. Validate risk transfer options.
· Risk Disclosure: Provide updates on regulatory and financial disclosure while complying with external and regulatory communications standards and disclosing the operational risk management framework of the bank in a manner that complies with the formal disclosure policy approved by the board of directors.
Defines approach for determining what operational risk disclosures are made and the internal controls over the disclosure process. Implement a process to assess the appropriateness of the disclosure, including the verification and frequency.

Operational Resilience
· Manage the delivery, testing and management of Operational Resilience risk policies, standards and associated controls
· Perform gap assessment of Operational Resilience regulations, standards and guidelines of assigned territories and ensure compliance through 1st Line of Defence
· Manage assurance/oversight of Operational Resilience directly owned controls and indirectly owned Resilience controls and ensure these controls are tested for operational effectiveness
· Provide active advisory, partnership, challenge or approval to applicable risk owners to ensure appropriate prioritization and resolution
· Perform relevant 2nd Line of Defence thematic or issue based deep dives
· Support the business in identifying (through control testing) Resilience gaps in process, controls and also in remediating these
· Contribute to the design, development and specification of new/redesigned processes, systems, information, risk controls, testing regimes, documentation and supporting materials

Crisis Management:
· Ensure 2nd line of defence risk oversight of Crisis Management program
· Contribute to the development of the crisis management framework; including: policies, standards, aide memoires, SOPs, playbooks, escalation protocols, etc.
· Support the delivery of independent crisis exercises and test incident and crisis response capability.
· Develop and implement process for validating effectiveness of the crisis management program.
· Participate in After Action Reviews.
· Build and establish networks and relations with other key internal stakeholders

Third Technology Risk:
· Provide 2nd line of defence risk oversight of Third Party Cyber & Tech Risk program
· Conduct independent technology and cyber risk assessment of Outsourcing risks
· 2nd LoD Thematic review of critical suppliers from a Cyber & Tech Risk perspective
· Assist Global Head in developing Group wide 2nd LoD framework and policies regarding Third Party Tech Risk programs

Contributing Responsibilities

Governance & Oversight
· Contribute to the establishment of an IT & Cyber Risk Management program for the bank within the three lines of defence model in alignment with the Group Risk Management Framework
· Assist with establishing and oversight of the Operational Risk Management infrastructure and ensure practices are consistent with regulatory expectations and industry sound practices

Risk management environment
· Operational Resiliency: Support the regional oversight of Group/Regional operational resiliency program to ensure the ability of the bank to operate on an ongoing basis and limit the losses in the event of severe business disruption. Coordinate with the first and third lines of defence to test these plans to ensure coverage and adequacy.
Job Title
Vice President - Risk Officer, RISK ORM ICT - Operational Resilience