Back to offers list
We are looking for

Manager/AVP- Third Party Risk Management

Job type
Full time
Job Function

Job Description - APAC

About BNP Paribas Group:

BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.

About Businessline/Function :

Within CIB ITO [Information Technology and Operations], the UK OPC [Operational Permanent Control] team is composed of 12 members, based both in the UK and in India, and reporting into BNP Paribas London Branch [BNPP LB] Management. Their role is to support the following businesses in managing their operational risk:

  1. Global Banking [GB],
  2. Asset Liability Management and Treasury [ALMT],
  3. Financial Institutions Coverage [FIC],
  4. Correspondent Banking [CBK]
  5. Transversal departments (Due Diligence, Client Services, Sourcing, Outsourcing, Data Management, etc).

BNPP LB rely on internal and external third parties that provide services necessary to BNPP LB business in the UK. To ensure that the overall risk of the Branch is not increased and properly managed, BNPP LB must maintain a proper oversight of these third party services. This supervision is under the responsibility of the Sourcing and Outsourcing departments.

Over the past years, the proportion of outsourced processes has significantly increased, triggering additional third party risks, while the UK regulators have enhanced their scrutiny over TPRM [Third Party Risk Management]. As a result, UK OPC have been mandated to support Sourcing and Outsourcing in managing their operational risk.

Job Title:








Business Line / Function:

CIB ITO - Operations

Reports to:


The Head of OPC – Financial Security and Transversal (Mumbai)


(if applicable)

Senior risk officer


The Head of UK OPC (London)

Number of Direct Reports:

Directorship / Registration:


Position Purpose

Within the UK OPC team, the senior TPRM risk officer role is responsible for implementing and executing the operational risk management setup for UK Sourcing and Outsourcing departments. The risk officer aims at supporting these 2 departments to identify, assess, report, monitor and mitigate their operational risk. The objective is to implement a robust setup of operational risk management covering all internal and external service providers that contribute to the delivery of services required by BNPP LB.

The senior TPRM risk officer focuses both on:

  • Sourcing: department in charge of managing our relationships with service providers offering services used within BNPP London Branch;
  • Outsourcing: department in charge of managing our relationships with service providers to which BNPP London Branch processes are delegated.

The senior TPRM risk officer will work in collaboration with the independent control functions (RISK, Compliance and Legal), to ensure the compliance with internal procedures and standards, as well as with regulatory requirements.

When relevant, the senior TPRM risk officer may provide support to the other OPC team members covering other scopes, and similarly benefit from other team members’ experience on implementing RCSA or GCP.


Direct Responsibilities

  1. Offshoring risk assessment
  • Context: prior to any offshoring, a risk assessment must be performed by the department offshoring its process; this assessment must involve various mandatory participants including OPC;
  • The senior TPRM risk officer will be in charge of performing the analysis from the OPC standpoint, and raising any condition deemed necessary to ensure a successful process transfer.
  1. SLA definition and implementation
  • For any process being offshored, assess and agree, with the OPC of the service provider, the opportunity to offshore OPC missions along with the underlying process transferred;
  • Define the oversight framework for UK OPC to receive regular MIs on the OPC missions taken over by the service provider (risk assessment, control execution, incident reporting, etc.);
  • Ensure that the SLA [Service Level Agreement] contains explicit clauses to define whether OPC missions are transferred to the service provider along with the underlying process;
  • Beyond the OPC-related MIs, ensure that the KPIs defined in any SLA are regularly produced by the service provider, shared with the service beneficiary and challenged by the latter;
  • Ensure that key issues raised by service providers (eg: issues identified via the KPIs) are escalated to UK Management via the right governance and in a timely manner.
  1. Mapping of SLA with RCSA
  • Context: the risk level of a SLA is primarily assessed based on RCSA [Risk and Control Self Assessment] results provided by the activity which manages the outsourced process;
  • Support the Outsourcing departments in collecting RCSA results from various entities;
  • Ensure the mapping of processes covered by a SLA with the RCSA results of the related processes;
  • Similarly ensure that RCSA results of internal providers servicing BNPP LB are all mapped to a SLA;
  • Support the Outsourcing departments in assessing the risks carried by each SLA;
  • When relevant, take appropriate actions for services associated to a high-risk SLA, in coordination with guidelines provided by the Outsourcing departments.
  1. Support audit of service providers
  • Ensure UK Outsourcing perform audits on BNPP LB service providers on a regular basis and according to a risk-based approach;
  • If needed, support the execution of these audits.
  1. Performance of RCSA
  • Coordinate the RCSA for TPRM processes
  • Support the two departments in identifying and assessing their risks and processes;
  • Ensure regular update of the RCSA based upon identification of any risk event;
  • Define and follow-up on remediation actions for high residual risks;
  • Support the RCSA of other activities (GB, CBK, ALMT, etc), in particular with regards to the assessment of Sourcing and Outsourcing related risks.
  1. Control plan execution
  • Assess the applicability of any TPRM generic control plan, and update the UK OPC TPRM control plan accordingly;
  • Execute independent controls on processes owned by Sourcing and Outsourcing departments;
  • Identify and assess risks revealed by controls results;
  • Report controls results and related risks to the UK Head of Transversal departments, and to any other relevant stakeholder/governance (eg: RISK, Compliance, Legal);
  • Ensure that remediation action plans are defined when needed;
  • Input, in the relevant tools, the control results and major action plans;
  • Follow-up the implementation of remediation actions;
  • When relevant, define and implement new controls (eg: to meet new regulatory expectations).
  1. Management of historical incidents
  • Inform UK Sourcing and Outsourcing departments, as well as beneficiaries of outsourced services, of any key TPRM incident;
  • If needed, assist the other UK OPC team members in investigating and reporting any incident, as well as to define remediation actions and follow-up on them.
  1. Follow-up on audit recommendations
  • Support UK Sourcing and Outsourcing departments during internal and external audits, in particular (i) to provide evidence on controls and RCSA executed on their processes, as well as (ii) to review audit recommendations (if any) prior to their validation;
  • Follow-up on any audit recommendation to ensure its implementation by the due date.

Contributing Responsibilities

  1. Other operational risk management missions
  • Support the UK OPC team in any other mission such as the preparation of committee slides, the maintenance of the procedural framework, the design and roll-out of trainings, etc.
  • Support the UK Sourcing and Outsourcing departments in any ad-hoc requests with regards to operational risk management.

Technical & Behavioral Competencies

Must have:

  • Demonstrable knowledge of TPRM

Additional relevant competencies:

  • Experience in banking activities (Global Markets, Global Banking, Securities Services, etc)
  • Experience in offshoring or onshoring processes;
  • Experience in operational risk through previous roles in 1/2/3 LOD;
  • Experience in identifying issues in processes and controls, and subsequently assessing, reporting, mitigating and monitoring them;
  • Ability to use Excel and Powerpoint proficiently.

Specific Qualifications (if required)

A curious mindset and a critical thinking are key to be successful in this role.

Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Critical thinking


Ability to deliver / Results driven

Attention to detail / rigor

Ability to synthetize / simplify

Ability to collaborate / Teamwork

Transversal Skills: (Please select up to 5 skills)

Analytical Ability

Ability to develop others & improve their skills

Ability to inspire others & generate people's commitment

Ability to set up relevant performance indicators

Ability to anticipate business / strategic evolution

Education Level:

Master Degree or equivalent

Experience Level

At least 12 years

Other/Specific Qualifications (if required)

Primary Location
Job Type
Standard / Permanent
Education Level
Master Degree or equivalent (> 4 years)
Experience Level
At least 12 years

Discover the different professions within BNP Paribas: Audit, Compliance, Risk and Legal

If it is your ambition to work in a profession that entrusts you with a high degree of responsibility and gives you the chance to contribute to strategic decision-making at BNP Paribas, the following roles might be ideal for you to consider.

Find out more

Why should I apply?

Basically, why would you want to join BNP Paribas over any other company?


  • What if we told you that working in our Group may not be quite what you think? BNP Paribas business lines and careers are constantly evolving to meet the expectations of our clients and society as a whole.

  • Feeling good about your job means bringing your whole self to work and being who you are. It’s also about having the resources you need to achieve a healthy work-life balance. Both of these are major commitments at BNP Paribas.

  • At BNP Paribas, developing your skills is as important to us as it is to you. And the skills you learn with us will help you through the rest of your working life.

Find out more