Job Description
Located within the RISK Function of BNP Paribas (“BNPP”), the role of the RISK ORO ICT APAC is to ensure that the operational risk management framework is implemented and operating effectively, and to provide RISK ORM APAC and business senior management with relevant, synthetic, transparent, exhaustive and consistent information and a front-to-back view of operational risk across ICT APAC activities. To achieve this objective, this 2nd line of defense (“LOD2”) role works closely with other RISK ORM regional teams. Within this context, the RISK ORO ICT APAC is a member of RISK ORM ICT APAC and reports functionally to the Head of RISK ORM ICT APAC.
Direct Responsibilities
Responsible for implementing regional risk management programs in a global organization, with robust knowledge of technology, risks, architectures, and related tools. Prior ICT risk experience (IT, Cyber, Vendor, etc.) and exposure to the Financial Services industry is a must. Experience with GRC tools and other risk management information systems is preferred.
The individual will develop and communicate the risk assessment engagement models to ensure that ICT risk considerations are accounted for in all the bank’s operations.
Negotiation and Conflict Management skills are an absolute must. The bank is undergoing a significant tech and ops reorg/transformation including outsourcing functions, streamlining, and refactoring applications. The individual will lead this effort through an independent risk assessment of these projects and will present findings to management. Excellent presentation and executive presence skills are necessary. Experience interacting with regulatory agencies is required.
Governance and Oversight:
• Implement IT & Cyber Risk Management Program for the bank within the three lines of defense model in alignment with the Group Risk Management Framework.
• Drive effective implementation and communication of Operational risk management (ICT) policies and guidelines.
• Provide support and oversight with respect to management of security and technology risks of core systems and applications.
• Oversee the Operational risk management activities and ensure practices are consistent with regulatory expectations and industry sound practices.
• Provide IT & Cyber risk management consulting to the business, technical and operations groups.
• Pro-active involvement in IT and Operations Transformation projects including the review of major outsourcing partners.
Risk Management Environment:
• Identification & assessment: Ensure that the identification and assessment of operational risks are effectively done across the organization by correlating input from Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, and Quantified Measurement & Comparative Analysis.
• Monitoring & Reporting: Implement a process to regularly monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines. Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices.
• Control & Mitigation: Improve the effectiveness of the Internal Controls program by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Assess operational risk response strategies. Validate risk transfer options. Ensure all Permanent Control Actions and audit recommendations are resolved within the specific timeline.
Operational Resilience:
• Support the Group and APAC management in overseeing and driving the APAC Operational Resilience program to ensure the ability of the bank to operate on an ongoing basis and limit the losses in the event of severe business disruption.
Risk Disclosure:
• Provide updates on regulatory disclosure while complying with external and regulatory communications standards and disclosing the operational risk management (ICT) framework of the bank in a manner that complies with the formal disclosure policy approved by the board of directors.
Job Requirements
The successful candidate will have a proven track record in managing risk and technology in large/global organizations with robust knowledge of technology, risks and controls, IT and security architecture, operational resilience, and third party technology risk management. Prior ICT risk experience (IT, DR/BCM, Cyber security, Third Party, etc.) and exposure to the Financial Services industry is a requirement. Experience with risk management tools and information systems is beneficial.
Technical Skills
• Experience in business process re-engineering, experience with functional and enterprise technical architecture, good understanding of large-scale technology infrastructure.
• Understanding of emerging technologies e.g. IoT, Cloud, etc.
• Understanding of ISO 2700X series of standards and guidelines
• Significant experience in the field of Technology Risk Management, Operational Resilience, Cyber, Information Security and Crisis Management.
• Strong Risk mindset with understanding of applicable Technology Risk and Resilience regulatory requirements
• Proficiency in IT Service Management, Service Continuity domains
• Experience within a regulated environment such as the financial services industry
Conduct
• Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
• Consider the implications of actions on colleagues, partners and clients before making decisions and escalate issues to manager when unsure
Experience and Qualifications required
• Graduate or post-graduate qualification in ICT domains, risk management or control function
• 10 years or more experience or practical understanding in IT, IT Security or other ICT domains required.
• Project management skills