We are looking for

Operational Risk Officer AVP/VP1

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

About BNP Paribas Group:

BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business line/Function:

RISK ORM Network manages the Group Operational Risk Officers (ORO) and is part of the Group RISK Function within BNP Paribas. The department is responsible for leading, structuring, and animating the ORO Network, as well as developing competencies, steering and reporting on the Group’s Operational Risk Management framework and risks. It is an independent second line of defense on operational risk management activities of the Group, including on Information and Communication Technology risk management activities.

Job Title: ICT Operational Risk Officer (Head of Common ICT LOD2 Controls Execution Platform, India CoE)

Date: 4-Apr-2025

Department: Group RISK ORM

Location: ISPL, Mumbai

Business Line / Function: Group RISK ORM Network

Reports to (Direct): Head of Group RISK ORM Network, India CoE

Reports to (Functional): Group Head of ICT Controls Testing

Grade (if applicable): AVP/VP1

Number of Direct Reports: 5+

Directorship / Registration: N/A

Position Purpose

RISK Operational Risk Management (RISK ORM), created early 2021 to oversee operational risks within the mandate of the RISK function, is organised, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 Poles: RISK ORM Framework, RISK ORM Technology & Transversal Risks and RISK ORM Network.

Under the authority of the Pole’s Managers, RISK ORM Network is made up of all the Operational Risk Officers (OROs) acting as the second line of defence (LoD2) within the Group’s operational entities (Poles, Business Lines, Functions, Transversal Activities).

In this context, the Common ICT LOD2 Controls Execution Platform (CICEP) reports hierarchically to the Group Head of ICT Controls Testing. The Head of CICEP, India CoE, ensures the homogeneity, robustness and effectiveness of the ICT controls executed by the LoD1 by implementing the LoD2 controls execution platform across Poles and Functions.

The position is based in India Solutions Pvt. Ltd. (ISPL), Mumbai and reports to Head of RISK ORM Network, India CoE, plus functionally to Group Head of ICT Controls Testing.

Responsibilities

  • Lead the delivery of the CoE CICEP India team (including his/her missions) dedicated to:
      ◦ Performing the LOD2 check and challenge on the execution of ICT controls (verification, re-performance, direct controls testing) requiring technical and business expertise.
      ◦ Determining the design effectiveness and operating effectiveness of IT and Cyber controls.
      ◦ Reviewing and assisting the team with the evaluation of control deficiencies and providing practical recommendations for remediation.
      ◦ Drafting high-quality reports containing the risk assessor’s opinion on the ICT control gaps, and recommendations for improvement, post completion of an assignment.
      ◦ Ensuring completion of the LOD2 testing reviews and adherence to the validated internal timelines.
  • Contribute to the maturity of the services provided by the CICEP platform by:
      ◦ Enhancing the CICEP methodology and tools required to perform the ICT control reviews.
      ◦ Identifying the areas of improvement (lessons learned) for ICT control reviews and proactively working with the relevant stakeholders to implement these enhancements.
      ◦ Proactively supporting the standardisation of practices (workpapers, reports, templates etc.) across the CICEP platform (India and Portugal).
  • Proactively contributes to the usage and enhancement of Group methodologies and tools for LOD2 control testing reviews.
  • Provides, upon request of business or the Operational Risk Officer(s), advice on ICT controls related to IT and cyber risk management.
  • Actively participates in the monitoring of the LOD2 ICT control results, and their reporting to senior management.
  • Works in collaboration with other stakeholders from business and RISK ORM teams to contribute towards influencing the ICT risk culture of the Bank.
  • Improves the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities.
  • Deliver the quarterly CICEP KPI report in a timely and accurate manner, working in conjunction with the functional and the CoE managers.
  • Manage the growth, productivity and efficiency of the CICEP platform and ensure a good continuity of its services.
  • Provide, at least once a year for the European Supervisor, a regular and complete analysis of the ICT LoD2 control, highlighting key messages for the General Management.

Contributing Responsibilities


  • Collaborates at the India CoE level with the Head of India CoE, including but not limited to the CoE level reporting requirements.
  • Effectively contributes to the CoE, RISK India Hub and ISPL on Group mandates, objectives and priorities.
  • Leads by example, demonstrating effective leadership in the CICEP team and, in conjunction with the Head of India CoE, making the CoE a positive place to work.
  • Participates in the recruitment for the CoE.

Technical & Behavioral Competencies

SKILLS, EXPERIENCE AND COMPETENCIES

Skills Required

  • 7+ years of experience in IT audit / ITGC controls testing / technical assessments, preferably in the areas of Cyber and Technology domains in a financial institution. 
  • Ability to manage the team and its workload independently to meet their targets, and priorities set in conjunction with management. 
  • Must be able to interface and coordinate work efficiently, and effectively with business partners. 
  • Excellent analytical skills – being able to come to a thoughtful and business focused conclusion quickly. 
  • Good communication, listening and influencing skills, including ability to articulate complex issues and incorporate feedback. 
  • Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. 
  • Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done. 
  • Being rigorous and thorough – especially when logging and tracking issues through to conclusion. 
  • Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business. 
  • Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. 
  • Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework. 
  • Team player – focus on the success of the whole team. Working well both with others, as well as individually. 
  • Ability to work under strict timelines and in pressure situations to manage the delivery. 
  • Open to work under global time zones as required for workshops or stakeholder discussions. 

Skills Preferred 

  • Team management capabilities.
  • Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements. 
  • Is self-aware, anticipates problems, adapts and meets them head on. 
  • Strong stakeholder management, relationship building, influencing, facilitating and presenting skills. 
  • Is solutions focused – measures their output on whether issues, problems or challenges are resolved as a criterion for success. 

Competencies: 

  • University degree (technical), and/or certification such as ISO27001, CISA. 
  • Professional qualifications/trainings relevant to technology and/or cyber risk (e.g. change management, outsourcing, vulnerability management, cloud security, etc.). 

Conduct: 

  • Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure. 

Specific Qualifications (if required)

Bachelor's degree, and certification in Information Systems

Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Attention to detail / rigor

Ability to deliver / Results driven

Ability to collaborate / Teamwork

Transversal Skills: (Please select up to 5 skills)

Ability to develop others & improve their skills

Ability to inspire others & generate people's commitment

Ability to set up relevant performance indicators

Analytical Ability

Ability to develop and leverage networks

Education Level: 

Bachelor's degree or equivalent

Experience Level

At least 12 years

Other/Specific Qualifications (if required)

  • Professional qualifications/trainings relevant to Information Security and Risk Management are a strong plus (ISO 27001, ISO 31000, CISSP, CRISC, CISM, CISA, CCSP).

Why should I apply?

Basically, why would you want to join BNP Paribas over any other company?

BECAUSE YOU'RE THE KIND OF PERSON WHO WANTS...

  • What if we told you that working in our Group isn’t quite what you might think? At BNP Paribas, we do a multitude of different jobs that are constantly evolving to meet the expectations of our clients and society as a whole. Whether through everyday tasks or major projects, doing one of our jobs means making a personal commitment to taking sustainable action.

  • Feeling good about your job means bringing your whole self to work and being who you are. It’s also about having the resources you need to achieve a healthy work-life balance. Both of these are major commitments at BNP Paribas.

  • At BNP Paribas, developing your skills is as important to us as it is to you. And the skills you learn with us will help you through the rest of your working life.
