Third Party Risk Management (TPRM) Officer BNP Paribas Riks Hub

GROUP BNPPARIBAS

BNPParibas Group is the top bank in the European Union and a major internationalbanking establishment. It has close to 196,000 employees in 73 countries. InSpain we are more than 5,100 employees within 13 business lines.

RISK HUB

RISK is anintegrated and independent control function of the BNP Paribas Group. It is thesecond line of defense on the risk management activities of the Group which areunder its direct responsibilities, including credit and counterparty risk,market risk, funding and liquidity risk, interest rate and foreign exchangerisks in the banking book, insurance risk, operational risk, and environmentaland social risks.

RISK aimsat being a partner of the businesses by contributing to their sustainabledevelopment, but also a gatekeeper to ensure risks taken remain compatible withthe Group’s Risk Appetite and its strategy. 

RISKIberian Hub Madrid is a transversal platform servicing the RISK Function bycovering added-value activities around credit risk, market risk, operationalrisk and data protection. Offering a wide range of services to RISK teams, fromconsulting to cyber security going through data analysis, modelling orartificial intelligence.

BUSINESS AREA OVERVIEW

Located in the RISK Function of BNP Paribas, RISK ORM Network is made up of all the Operational Risk Officers(OROs) acting as the 2nd line of defense within the Group’s operational entities(Poles, Business Lines, Functions, transversal Activities).

RISK ORM 2S (Operational Risk Management) belongs to RISK ORM CIBand is placed under the responsibility of the Head of RISK ORM CIB 2S and theChief Risk Officer for Securities Services.

The department has responsibility for independently challenging andsupervising the Operational Risk management of Securities Services activitieson a worldwide scope. This is achieved through: framing operational riskmethodology and disseminating of risk management culture; assessing theadequacy of the operational risk management set-up; controlling effectivenessof the control environment; contributing to the detection, anticipation andresponse to risks; alerting CIB and RISK stakeholders on any significant riskissue; providing a consolidated view on Securities Services operational risksprofile.

RISK ORM 2S teams are composed of 2 central teams as well as local teams in the different countries where Securities Services has activities.

RISK ORM 2S TTR & 2S Specific is one of the 2 central teams. As the second line of defence (2LoD) for Transversal & Technology risks, which encompasses Fraud, ICT, TPRM and Operational Resilience risks, the team has the responsibility to identify the key TTR risks of Securities Services and ensure Business and IT partners deploy sound risk management to mitigate those risks. Additionally, the team is in charge of several 2S specific topics. The team is composed of 4 people located in Paris and Madrid. The team works in close collaboration with RISK ORM 2S teams, Securities Services teams and RISK ORMCIB teams, in particular with RISK ORM CIB TTR

PURPOSE OF THE ROLE

RISK ORM2S TTR & 2S Specific team 1st mission is to challenge the Operational Risk Management Framework implemented by Securities Services to mitigate Fraud risks, ICT risks, TPRM risk and Operational resilience framework.

On TPRM(Third Party Risk Management), the team’s role is to check and challenge the framework implemented by Securities Services to assess and mitigate risks related to Third Parties. Within the team the role exists to supervise and independently oversee those risks and to deploy and coordinate Lod2 activities among the RISK ORM 2S network.

RISK ORM2S TTR & 2S Specific team 2nd mission is to provide visibility on the Operational Risk Framework to 2S Clients, and to provide 2S CRO and 2S Executive Management with consolidated overview and regular updates on 2S operational risks profile.

The role also encompasses the delivery of those consolidated overview and regular updates.

SCOPE OF THE ROLE

The scope covered applies to operational risks to which Securities Services is exposed, and for which RISK acts as a second line of defence.

KEY RESPONSIBILITIES OF THE ROLE

The candidate will be responsible of the independent oversight ofthe Third-Party Risk Management (TPRM) framework implemented by Securities Services teams and the coordination of Lod2 activities within RISK ORM2S. 

The oversight framework will encompass the below pillars:

• Framework: to review, analyse and challenge Securities Services TPRM framework consistently with Group Policy pertaining to Outsourcing Risk Management and the Risk Managementof External Suppliers, and validate any exemption to these norms and standards,in alignment with RISK ORM CIB TTR approach
• Governance: to participate and represent RISK ORM 2S within TPRM committees at CIB and 2Slevel
• Risk Identification and Assessment: to challenge and verify Securities Services risk identification, ensure the consistency of “severe but plausible” scenarios and their quantification, to challenge TPRM risks assessment embedded in projects and new activities
• Risk Treatment and Decision: to oversee of the risk treatment process (risk acceptance, risk transfer, risk remediation) and remediation plans (incident review, post mortem analysis…) defined by Securities Services, to oversee the actions defined to implement Regulators and other resolution authorities conclusions and recommendations, and to validate closure of permanent control actions
• Testing: to coordinate and perform independent testing controls on Securities Services control plans on TPRM risk
• Reporting, Monitoring and Alert: to contribute to RISK ORM opinions on 2S TPRM risk profile for Internal control committees and reporting, and to alert Senior Management and stakeholders on critical points for attention
• Awareness / Training / Animation:to promote and drive awareness on TPRM risks across RISK ORM 2S community.

To do so, the candidate will work in close collaboration with RISKORM CIB TTR in charge of defining the Lod2 activities framework for RISK ORMCIB TTR perimeter, with RISK ORM 2S network and with Securities Services CCCOteams.

The candidate will also contribute to the other missions of theteam. In particular, the candidate will be in charge of ensuring the deliveryof the regular updates on 2S operational risks profile to 2S CRO and 2SExecutive Committee, and of the coordination of the annual permanent controlreport for Securities Services. This mission includes an in-depth review of theexisting process to improve efficiency and review the output to foster andenhance risk management view. 

To this aim, the candidate will work in close collaboration with RISKORM 2S other central team and local teams, as well as with Securities ServicesCCCO teams

SKILLS & EXPERIENCE REQUIRED

• Ability to identify and challenge the TPRM risks faced by SecuritiesServices business activities and to check and challenge the risk assessmentprovided by 1LoD by demonstrating credibility and expertise
• Ability to foster TPRM Framework knowledge among RISK ORM 2Scommunity and coordinate TPRM check and challenge activities
• Ability to expend expertise on TPRM Group framework and procedures(via training and community meetings and self-education) in a context of fastevolving framework and expending scope of Third-Party risks (Outsourcing,shoring, purchasing, …)

SPECIFIC REQUIREMENTS

• Suitable experience (5+ preferred) 
• Experience in Operational Risk Management or in Third Party RiskManagement
• Experience in management of transversal projects or in Auditrole
  • Knowledge of Securities Services organizationand key stakeholders is a plus
• Bachelor’s degree in business or risk management, InformationTechnology (or equivalent professional qualification).
• High interest for acting within the 2nd line of defence control function, to protect and servethe bank by performing oversight activities
• Team player: ability to communicate, co-operate and work well withother teams. Working well both with others, as well as individually
• Ability to evolve in a transforming environment and to accompany the change
• Ability to review, adapt and enhance processes
• Good analytical skills and synthesis skills
• Being rigorous and thorough – especially when logging and tracking issues through to conclusion
• Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management
• Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate
• Demonstrating a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate

COMPETENCIES

• Excellent written and verbal communication skills
• Proficient with Microsoft Office Suite
• Fluent English spoken and written is mandatory

CONDUCT

• Be a role model, supporting and fostering a culture of good conduct.
• Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks.
• Consider the implications of your actions on colleagues, partner sand clients before making decisions, and escalate issues to your manager when unsure.

OUR BENEFITS

• Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries
• Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity)
• Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities
• Flexible compensation plan
• Hybrid telecommuting model (50%)
• 31vacation days

Diversity and inclusion commitment 

BNPParibas Group in Spain is an equal opportunity employer and proud to provideequal employment opportunity to all job seekers. We are actively committed toensuring that no individual is discriminated against on the grounds of age,disability, gender reassignment, marriage or civil partnership status,pregnancy and maternity/paternity, race, religion or belief, sex or sexualorientation. Equity and diversity are at the core of our recruitment policybecause we believe that they foster creativity and efficiency, which in turnincrease performance and productivity. We strive to reflect the society we livein, while keeping with the image of our clients.