About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, the European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees to provide support and develop best-in-class solutions.
About BNP Paribas Group:
BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.
Commitment to Diversity and Inclusion
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.
Risk Management – RISK ORO Group Cloud Risk
Job Title: RISK Operational Risk Officer (ORO) Cloud Risk
Date:
Department: RISK ORM ICT GROUP Risk
Location: Mumbai
Business Line / Function: RISK
Reports to: (Territory) Head of RISK ORM Network - Centres of Excellence - India
Grade: (if applicable)
(Regional)
Number of Direct Reports: N/A
Directorship / Registration: No
Position Purpose
• As a Cloud risk officer for BNP Paribas Group Operational Risk Management function, support Cloud operational and technology risk management throughout the lifecycle of private, hybrid and multi cloud platforms
Key Responsibilities
RISK Operational Risk Officer (ORO) Cloud Risk
• Ensure that the governance, risk control and assurance frameworks for operational and technology risk management are robustly implemented to mitigate operational, cybersecurity and technology risks across the multi cloud platforms at BNP Paribas, which comprise IBM Cloud dMZR (dedicated multi zone region), public cloud, private cloud and hybrid cloud, throughout their lifecycle
• Review and update minimum baseline Cloud security controls in collaboration with IT Group Production security teams, Cloud security experts, Operational risk officers, ICT risk officers, etc.
• Collaborate closely with cross-functional teams, Cloud subject matter experts, cyber security teams and operational risk officers to identify, assess, and remediate risks
• Provide periodic and ad hoc reports and dashboards on the Cloud technology and operational risk indicators, trends, issues, incidents and remediation plans to senior management
• Raise awareness among the Operational Risk Officers of the multi cloud platforms at BNP Paribas, various cloud topics and cloud initiatives across the Group through the Cloud Risk Community.
• Stay updated on regulatory changes and requirements from regulators globally on Cloud topics, identifying the gaps in existing baselines and the controls to be implemented to mitigate the gaps. Spread awareness of the regulatory changes across the Operational Risk Officers.
• Adapt to the evolving landscape of digital transformation, ensuring that risk management approaches are agile and forward-thinking.
• Support the ICT risk missions across multi cloud platforms, identifying the control gaps in the existing security baseline and the residual risks, and provide recommendations to mitigate the risks
Contributing Responsibilities
• Support in check and challenge of the controls, providing risk opinion, conducting risk assessments and audits of the key cloud projects and initiatives across the hybrid cloud, dMZR, private cloud and IBM cloud platforms
• Support in high quality report writing, documentation and presentation for Cloud security topics of operational risk frameworks
• Support to develop and maintain the Cloud technology and operational risk management framework, policies, standards, procedures and controls for the Cloud services in alignment with BNP Paribas 1LoD and 2LoD risk management policies
• Support in development, identification and updating of risk reporting methods using automated solutions. This could include leveraging existing or new solutions of Governance, Risk and Compliance (GRC) tools for Cloud services asset register, risk register, remediation tracking, etc.
• Support in development of Cloud Security Posture Management solutions, operational risk management solutions, IT service management solutions, reporting & dashboard solutions, etc.
• Identify the risks and vulnerabilities of APIs used at Group, define the baseline controls and ensure APIs comply with industry standards.
Technical & Behavioral Competencies
• Professional qualifications relevant to Cloud and Cyber Security (such as CCSP, CISA, or CRISC).
• Strong risk mindset with understanding of applicable regulatory requirements in financial services sector around Cloud Security Risks
• Good knowledge of ICT risks, IT Control, Information Security, Business Continuity, IT operations and IT Audit and assessment methodologies and concepts
Functional knowledge in the following areas:
- Cloud security
- Container security
- Cloud provider and platform reviews
- Infrastructure security
- Security risk architecture
- Digital transformation
Frameworks & Technologies
- Terraform, Kubernetes
- Docker, containers
- CSP IaaS, PaaS and SaaS, Infrastructure as Code
- Microservices, API
- Cloud Security Posture Management
- Cloud platforms like Microsoft Azure, Amazon Web Services
- IBM Cloud, dedicated multi zone region
- Public cloud, hybrid cloud, multi cloud environments
Competencies (Technical / Behavioural)
The successful candidate will have a proven track record in managing risk and technology in large/global organizations with robust knowledge of technology, risks and controls, IT and cloud risk and cyber security, operational resilience, and third-party technology risk management. Prior ICT risk experience and exposure to the Financial Services industry is a requirement. Experience with risk management tools and information systems is beneficial.
Skills Referential
Behavioral Skills:
Decision Making
Client focused
Ability to collaborate / Teamwork
Attention to detail / rigor
Analytical skills
Transversal Skills
• Ability to articulate risk management concepts in business language
• Excellent written and verbal communication (English)
• Proficient with Microsoft Office Suite
• Experience within a regulated environment such as financial services industry
• Proven ability to manage issues through resolution
• Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times
• Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework
Conduct
• Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
• Consider the implications of actions on colleagues, partners and clients before making decisions and escalate issues to manager when unsure
Specific Qualifications Required
• Graduate or post-graduate qualification in ICT domains, risk management or control function
• 8 to 10 years or more experience or practical understanding in Risk, Security and other ICT domains required.
• 6 to 7 years or more experience or practical understanding in Cloud platforms and Cloud Security.