About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.
About BNP Paribas Group:
BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability
Commitment to Diversity and Inclusion
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.
Job Title:
RISK Operational Risk Officer (ORO) AI Risk
Date:
Department:
RISK ORM ICT GROUP Risk
Location:
Mumbai
Business Line / Function:
RISK
Reports to:
(Territory)
Head of RISK ORM Network - Centres of Excellence - India
Grade:
(if applicable)
(Regional)
Number of Direct Reports:
N/A
Directorship / Registration
No
Position Purpose
Group RISK Operational Risk Management (RISK ORM) belongs to the second line of defense of BNP Paribas. This role will be within the Group AI Operational Risk Management capability of the Group placed under the responsibility of the Head of RISK ORM CTR, reporting to the Group Chief Operational Risk Officer.
Group AI Operational Risk Management has a global oversight of AI Technology and Operational Risks. AI Technology Operational Risks is a critical capability within Emerging Technology Operational Risks and Intelligence function to provide continuous spotlight on tactical and strategic risks impacting the bank from the ongoing adoption of AI with BNP Paribas and external marketplace.
Key Responsibilities
RISK Operational Risk Officer (ORO) AI Operational Risk
· Support AI Operational Risk Procedure Development: lead research, drafting, and maintenance of technology and operational risk procedures and guidance for the assessment of AI and Generative AI enabled projects and solutions.
· Committee Support and Strategic Insights: Proactively prepare comprehensive briefing materials, conduct in-depth analysis for AI project committees and forums including Group AI board, AI function review committee, AI and analytics forums and provide insightful perspectives to the Head of AI RISK ORM Initiatives for their participation in these committees and forums. Track action items and ensure effective communication of updates and decisions.
· Governance and Oversight Support: Conduct detailed analysis and provide expert support in the governance and oversight of group-level AI, ML, Data Science and Generative AI infrastructure and platforms, solutions, and ongoing AI initiatives, including GPU deployments, AI and Generative AI marketplace, LLM as a Service adoption, existing and new models evaluations like Mistral, OpenAI, LLaMa, DeepSeek, etc. This includes monitoring risk metrics, identifying potential issues, and recommending mitigation strategies.
· Cross-Functional Collaboration and Evaluation: Actively collaborate with Legal, Compliance, and Group and entity RISK teams in the evaluation and rollout of AI and Generative AI solutions including impact and measures of EU AI Act on operational and technology risks, providing risk-focused expertise and ensuring robust risk controls are integrated.
· AI Blueprint development Contribution: Play a significant role in the conception and development of group-wide AI blueprint exercise, contributing risk management expertise, conducting detailed analysis, and ensuring the integration of robust risk considerations into the overall strategy.
· Training Material Development and Delivery Support: Develop comprehensive training materials and support the Head of AI initiatives in the delivery of training sessions on AI risks for Operational Risk Officers (OROs).
· CGP, CSSI, NAC/TAC Review and SME Support: Act as a key point of contact and provide expert Group RISK ORM SME input in Group CGP and CSSI reviews, entity-level NAC/TAC reviews and ITVCs related to AI and Generative AI, ensuring thorough risk assessment and appropriate controls.
Contributing Responsibilities
· AI project reviews – As a key contact and SME on AI technology risks, lead and perform AI project reviews and risk assessments of existing and emerging AI initiatives, identifying potential vulnerabilities and developing effective mitigation strategies. Stay abreast of the latest trends, threats, and regulatory developments in AI space.
· AI Operational risk community management – Provide support to RISK ORM AI leads by conducting and participating in AI Operational risk community management meetings. Promptly send and track action and information items for the stakeholders. Promptly send minutes of meetings with action and information items for the stakeholders and ensure action and follow up items are tracked and communicated.
· AI RISK taskforce coordination – Provide support to Head of AI RISK ORM for AI Risk taskforce and governance forum coordination with RISK teams including IRC, TPTRM, DPO. Ensure action and follow up items are tracked and communicated.
Technical & Behavioral Competencies
5+ years of experience audits and risk assessments of enterprise-scale AI/ML solutions in a global financial services organization.
· Deep understanding with 3+ years of hands-on experience with large language models and generative architectures
· Strong understanding of AI risk assessment methodologies and mitigation strategies
· Excellent analytical and problem-solving skills with the ability to independently assess complex risks and develop effective solutions, including experience with AI risk management tools (e.g., Yields, Arize, etc.).
· Relevant trainings and certifications such as NIST AI Risk Management Framework training, Professional Certification in AI / ML with rusk modules or Certified AI Risk Management Specialist are highly preferred.
· Familiarity with AI Security frameworks like Databricks AI Security Framework, OWASAP Top 10 LLM & Generative AI Security risks and industry standards like ISO 42001 AIMS is a significant advantage.
· Knowledge of cybersecurity threats specific to the AI and Generative AI space is desirable.
· Familiarity with regulatory requirements for AI in EU regions and globally with financial services sector specific for AI risk management and governance.
· Demonstrated knowledge in LLM fine-tuning, prompt engineering, and RAG implementation
· Experience with AI orchestration tools including LangChain, LlamaIndex, AutoGen, or similar frameworks
· Strong knowledge of vector databases, embedding systems, and semantic search optimization
· Proficiency with GPU infrastructure management, including scheduling, virtualization, and optimization
· Exposure to security in MLOps/LLMOps practices including CI/CD for AI applications
· Proficiency in large language models (LLMs) such as GPT, BERT, T5, and exposure in fine-tuning and deploying these models for enterprise applications.
· Knowledge of semantic search techniques powered by LLMs for enabling advanced search functionality over large datasets.
· Experience in prompt engineering for various AI models, including batch prompting, prompt chaining, and input/output validation.
· Ability to customize and build generative AI models using transfer learning and fine-tuning frameworks (e.g., OpenAI Fine-Tuning API).
· Strong knowledge of cloud AI services such as AWS SageMaker, Google Cloud AI Platform, and Azure Machine Learning to deploy and monitor AI/ML models.
· Experience using GPU/TPU-powered environments in cloud-based AI model training, including knowledge of the GPU/LLM market and hardware optimization.
· Strong working knowledge of big data analytics tools like Apache Spark, Hadoop, and Kafka, particularly in AI/ML contexts.
· Exposure in setting up data pipelines and managing data lakes for large-scale AI/ML and GenAI applications (e.g., AWS Glue, GCP Dataflow, Azure Data Lake).
· Experience in AI ethics, including bias mitigation, fairness, and compliance in AI model design and deployment.
· Strong understanding of AI alignment principles and frameworks like Constitutional AI to ensure that AI models behave responsibly and align with human values
· Familiar with open-source and closed-source AI models, with experience in evaluating the trade-offs and costs of using each for enterprise AI deployments.
· Exposure in deploying AI agents and integrating LLMs with external applications (e.g., AutoGen framework for building autonomous agents).
· Strong understanding of operational risk management frameworks, methodologies, and their application to AI risks including experience in drafting and implementing risk procedures.
· Demonstrated experience in operational risk management or 2LoD technology risk oversight.
· Strong analytical, communication, and stakeholder management skills. Proven ability to engage with senior executives, regulators, and audit teams.
· Bachelor’s or Master’s degree in AI specialisation, Cybersecurity, Computer Science, Risk Management, or a related field. A master’s degree is a plus.
· Strong written and verbal communication skills, with the ability to articulate complex technical and risk-related concepts clearly and concisely to both technical and non-technical audiences.
· Ability to work independently, manage multiple complex tasks, and prioritize effectively in a fast-paced environment.
· Strong attention to detail and a commitment to accuracy and thoroughness.
· Ability to use data analysis tools (e.g., Python, SQL) and relevant software.
· Ability to collaborate effectively with cross-functional teams and build strong working relationships.
Competencies (Technical / Behavioural)
The successful candidate will have a proven track record in managing risk and technology in large/global organizations with robust knowledge of technology, risks and controls, IT and cloud risk and cyber security, operational resilience, and third-party technology risk management. Prior ICT risk experience and exposure to the Financial Services industry is a requirement. Experience with risk management tools and information systems is beneficial.
Skills Referential
Behavioral Skills:
Decision Making
Client focused
Ability to collaborate / Teamwork
Attention to detail / rigor
Analytical skills
Transversal Skills
· Ability to articulate risk management concepts in business language
· Excellent written and verbal communication (English)
· Proficient with Microsoft Office Suite
· Experience within a regulated environment such as financial services industry
· Proven ability to manage issues through resolution
· Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times
· Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework
Conduct
· Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
· Consider the implications of actions on colleagues, partners and clients before making decisions and escalate issues to manager when unsure
Specific Qualifications Required
· Graduate or post-graduate qualification in ICT domains, risk management or control function
· 8 to 10 years or more experience or practical understanding in Risk, Security and other ICT domains required.
· 6 to 7 years or more experience or practical understanding in Cloud platforms and Cloud Security.
