The bank for a changing world

We are looking for

Operational Risk and Permanent Control Officer

REF: OPE001151

1. Identification and assessment of risks and controls

  • Ensure key assessment units, key operational processes, material operational risks and risk mitigants are identified, inventoried and maintained

  • Maintain the risk, organization and process taxonomies

  • Ensure the effective implementation and maintenance of the RCSA framework within his/her 1st LoD control perimeter

  • Drive the risk identification and assessment, ensuring validation by the relevant management level and consistency with the risk appetite and thresholds

  • Contribute to the remediation plan’s definition when and if needed

2. Manage control plans and related actions

  • Define and regularly update the OE’s control plan according to the outcome of the risk assessment, regulations and other risk events (HI, control results, external events, Audit missions, …)

  • Reinforce the appropriateness, effectiveness and sustainability of the controls whilst maintaining 1st LoD’s accountability and responsibility

  • Ensure that control results are reviewed and analysed by the Entity Management and when relevant by operational teams / relevant stakeholders / specific control teams and that remediation action plans are defined if and when needed

  • Follow up on the implementation of remediation actions

3. Manage procedures processes

  • Identify procedure needs
  • Ensure that the procedures designed by the businesses and functions within the Operating Entity are identified, updated, properly stored and communicated to relevant stakeholders

  • Identify and propose calibration of OE’s procedures according to the outcome of the risk assessment and other risk events (HI, control results, external events, Audit missions, …)

4. Follow-up closing of recommendations

  • Upon notification/receipt of reports, organise the design and the publication of the follow-up of the findings and recommendations closure, either issued internally (e.g. IG supervision) or externally (external auditors, supervisors)
  • Follow up on the implementation of actions with the recommendation owners in charge, escalating to the relevant management level when needed to ensure that recommendations are closed within due dates

5. Management of Historical Incident (HI) and near-miss processes

  • Alert the management and liaise with independent control functions if needed on key incidents

  • Collect incidents (including impacts measurement), report and update in the Group database (as well as local databases if needed), including suspected and attempted fraud cases

  • Analyse incidents in a timely manner

  • Follow up on and/or initiate the implementation of remediation actions and the unfolding of long-term incidents

  • Perform controls on the incident collection process, in particular the cross-check with other databases (accounting or other when existing) and the half-yearly attestation by the local management

6. Watch over external events and dynamic review
  • Watch over external events so that any major external event is taken into account in the operational risk framework

7. Management of Operational risk organization and governance
  • Coordinate, support and advise on the validation process under Business responsibility, especially regarding exceptional transactions, new products/activities/processes (including outsourcing initiatives, TAC/NAC), and follow up on the implementation (e.g. that the conditions issued by control functions are met)

  • Coordinate all the committees that ensure continuous adherence of the OE to the regulations and notably in charge of reviewing regulatory-related control results and performance indicators, ensuring escalation of potential breaches, following-up of required remediation actions, analysing any impact of change of regulation on Operational Permanent Control set-up

  • Active contribution (or organization) to any committee on Operational risks and Permanent Control committees (e.g. Internal Control Committees)

8. Perform reports and raise alerts 
  • Alert and escalate to the relevant level of management any operational risk incident and/or any recurring weakness

  • Perform periodic and ad-hoc reporting to the appropriate level of management

  • Contribute to the periodic and ad-hoc reporting assessment managed by 2nd LoD control functions

9. Perform awareness training and advisory 
  • Ensure employees’ awareness of policies and procedures

  • Ensure an appropriate training on Operational risks and Permanent Control framework is provided to employees, notably newcomers

  • Act as a local relay for risk awareness initiatives sponsored by 2nd LoD control functions

10. Awareness of ISO 27001:2013 information security

  • ISO 27001:2013 is an International Standard that specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). It is the responsibility of all the staff of BNP Paribas Bangkok Branch to contribute to this common objective.


  • General understanding / previous exposure to banking activities, products, processes and systems
  • Good understanding of internal control frameworks

  • Knowledge of regulatory environment in the financial services sector is preferred, but not a must

  • Sense of risk and the "security" reflex

  • Well organized with methodological approach


  • Ability to analyze systems, products and processes to identify risks and recommend improvements

  • Good report writing and oral skills. Strong communication, presentation and influencing skills. Ability to listen

  • Adapt to changes and show initiative

  • Work effectively with Regional Control Teams colleagues and maintain a good relationship with operational staff

  • Integrate and show team spirit

  • Autonomous and organized to plan relevant controls for definite periods

  • Versatile to ensure the substitution in case of absence of the holders of controls

  • Ability to judge / critical sense / Quality of the investigations / Ability to synthesize


  • At least 3-5 years of experience in top audit firms focusing on banking sectors

  • 3-5 years of experience in banking industry relating to internal audit with operational risk


  • Bachelor/Master Degree in Finance and Banking, Accounting or Business Administration


Primary Location: TH-10-Bangkok
Job Type: Standard / Permanent
Job: COMPLIANCE AND PERMANENT CONTROL
Education Level: Bachelor Degree or equivalent (>= 3 years)
Experience Level: At least 3 years
Behavioural competency: Ability to collaborate / Teamwork, Proactivity, Critical thinking, Attention to detail / rigor
Transversal competency: Ability to understand, explain and support change, Analytical Ability, Ability to conduct a negotiation, Ability to develop and adapt a process, Ability to manage a project