The bank for a changing world

We are looking for

Operational Risk Controller

Job type Permanent
Schedule Full time
Job Function Risk
REF: 1910GMOCM3520

BNP Paribas is a leading European bank with an international reach. It has a presence in 72 countries, with more than 202,000 employees – including more than 154,000 in Europe and over 5,000 in Portugal alone.


BNP Paribas has been present in Portugal since 1985, having been one of the first foreign banks to operate in the country. Today, BNP Paribas has several entities operating directly in this territory, offering a wide range of integrated financial solutions to support its clients and their businesses.


Worldwide, the Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realise their projects through solutions spanning financing, investment, savings and protection insurance.

To serve and process operations for the 13,000 Corporate and Institutional Clients based in 57 countries, BNP Paribas CIB relies on its IT & Operations (ITO) departments.

Built in 2012 from Capital Markets and Corporate Banking ITO teams, ITO Client Management brings together more than 1500 employees present in 38 countries.

Client Management is a department focused on the Client, and its main mandate is to provide the Client with high-quality, bespoke services according to its needs and potential, while being aligned with CIB Businesses’ strategies.

The Client Management department covers Operations and Transformation. All these teams share a common motto: create added value for Clients while protecting the Bank.


  • The Permanent Control:
    • Is an overall system set up to permanently control risks and monitor the execution of strategic actions. It is based on policies, procedures, processes and control plans and involves organizational measures, controls and governance
    • It consists in the continuous implementation of the risk management framework by the 1st and 2nd line of defence (DG0020 Internal Control Charter)
  • The permanent control framework:
    • Is the continuous risk management framework, embedded in operating processes and involving 1st and 2nd lines of defence, whereas the periodic control framework is an audit process, out of the current operating processes, run by the Inspection Générale (RISK0327 – Organizational framework and governance for Operational risk management and Permanent control framework)
  • Operational risk:
    • Defined as “The risk of loss resulting from the inadequacy or failure of internal processes or external events, whether deliberate, accidental or natural” (RISK0326 – Fundamental operational risk definitions)
    • Losses attributed to credit risk, market risk, and “break even” are not included in the operational risks, nor are consequences affecting the reputation
  • Operating entities: are entities running a business or delivering a service, such as Métiers, support functions i.e. organizational entity

First, the mandate of the OPC is to support the Head of her/his operating entity in the management of her/his operational risk and to ensure that the Permanent Control pillars' requirements are met, by:

  • Identifying, assessing and mitigating Operational Risks:
    • Identify and assess the risk, design the Risk Cartography in line with the Risk & Control Self-Assessment (RCSA) Group approach
    • Collect and analyse Historical Incidents
    • Contribute to Regulatory Capital computation or monitoring through the determination of Potential Incidents (for AMA eligible entities)
    • Based on Risk Profile, implement relevant mitigating actions
    • Participate in the governance of projects significantly impacting the Operational Risks and Permanent Control framework
  • Materializing, maintaining and improving the permanent control set-up, thus protecting the Bank:
    • Assessing the quality of her/his control framework and of its execution, i.e. monitor control execution and perform a posteriori control to test the quality of the framework (Key Surveillance Point, Quality review on control, control of controls, etc.)
    • Ensure regulatory mandatory duties are duly monitored by Control Plan at LoD1 level
    • Ensure and foster operational risk awareness vis-à-vis staff belonging to operating entities
    • Providing official opinions and advice on major decisions having an impact on the operational risk management and risk appetite of her/his operating entity, notably related to outsourcing (internal and external) projects
    • Monitoring permanent control actions and recommendations and notably ensuring the relevance of implementation dates as well as the adequate ownership of recommendations issued by LoD2, LoD3, central supervisors and external audit
  • Organizing, deploying and coordinating
  • Governance RISK0339 policy on Governance bodies for the management of operational risks, and of the permanent control system states “the set-up of a governance system focusing on the permanent control system and the risks for which they are responsible. It must serve to:
    • Provide an organized and overall vision of an entity in terms of Permanent Control
    • Constitute an alarm and escalation level relative to recurring weaknesses
    • Provide an analysis and decision-making collective body relative to these subjects
    • Formalize the executive body’s involvement in the management of these issues and follow-up of the related actions
  • Reporting transparent monitoring information to their reporting lines, hierarchical or functional, internal or external, ensure adequate regular and ad hoc reporting to Management and build the Permanent Control Reporting


  • University degree in Finance, Economics or Management related areas
  • 2 years minimum of experience in Operational Risk Management and/or Audit area
  • Knowledge of risk management related activities
  • Basic and OPC IT tools
  • Analytical skills to synthesize complex data into easy-to-understand reports
  • Good communication skills, with fluency in English being required


BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.


Please note that only applications submitted in English will be considered.

In case you are selected for this role, further documentation will be requested to support your hiring process.

Primary Location: PT-11-Lisbon
Job Type: Standard / Permanent
Job: RISKS
Education Level: Master Degree or equivalent (> 4 years)
Experience Level: Not Indicated
Schedule: Full-time
Behavioural competency: Attention to detail / rigor
Transversal competency: Ability to develop and adapt a process
Reference: 1910GMOCM3520