The bank for a changing world

We are looking for

Risk Manager_ITIP

Job type Permanent
Schedule Full time
Brand BNP Paribas Corporate & Institutional Banking
Level of experience 11 to 15 years
Study level Secondary Education
REF: CIB004569


About BNP Paribas Group:

Worldwide, BNP Paribas has a presence in 74 countries with more than 190,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 15,000 employees* and a presence in 14 markets, it provides clients with product and service solutions tailored to their specific needs, and continues to develop its franchise in the region.

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a leading bank in Europe with an international reach. With delivery centers located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner with various business lines of BNP Paribas, such as Corporate and Institutional Banking, Wealth Management and Retail Banking, through three verticals: Information Technology, Operations and Finance Shared Services.

About Businessline/Function :

Job Title: Manager IT Infrastructure Risk

Date:

Department: ITIP

Location: Infinity – Mumbai

Business Line / Function: CIB IT Production

Reports to (Direct): Pankaj KUMAR MISHRA

Grade (if applicable):

Reports to (Functional):

Number of Direct Reports: NA

Directorship / Registration: NA

 

Position Purpose

This is a new position within ITIP to ensure that all the risks within ITIP are tracked, reviewed and mitigated.



Responsibilities

Direct Responsibilities

 

BNP Paribas is seeking a strong IT IRM candidate to cover the applications and system infrastructure supporting the India Region processes.

IRM is responsible for maintaining the IT Risk Framework and its associated controls and reporting. This role is responsible for evaluating overall information technology risk, maintaining an active view, and reporting on the actual, mitigated and residual risk in the technology organization. All Risk & Control closure activities are coordinated through this role, including the actual submissions for closure.

KEY PERFORMANCE AREAS (KPAs)

1.       Identify, assess and evaluate IT Infrastructure risk to enable the execution of the enterprise risk management strategy.

• Collect information and review documentation to ensure that risk scenarios are identified and evaluated.

• Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.

• Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.

• Create and maintain a risk register to ensure that all identified risk factors are accounted for.

• Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.

• Analyze risk scenarios to determine their impact on business objectives.

• Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.

• Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership. 

• Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment

2.       Risk Response : Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives

• Identify and evaluate risk response options and provide management with information to enable risk response decisions.

• Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy. 

• Apply risk criteria to assist in the development of the risk profile for management approval.

• Assist in the development of risk response action plans to address risk factors identified in the organizational risk profile.

3.       Risk Monitoring: Liaise with IT Security and Production Security to monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s risk management strategy.

• Collect and validate data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.

• Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.

• Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.

• Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements.

4.       Information Systems Control Design and Implementation:  Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives. 

• Interview process owners and review process design documentation to gain an understanding of the business process objectives.

• Analyze and document business process objectives and design to identify required information systems controls.

• Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.

• Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.

• Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope.

• Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed.

• Test information systems controls to verify effectiveness and efficiency prior to implementation.

• Implement information systems controls to mitigate risk.

• Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of information systems control performance in meeting business objectives.

• Assess and recommend tools to automate information systems control processes.

• Provide documentation and training to ensure information systems controls are effectively performed.

• Ensure all controls are assigned control owners to establish accountability.

• Establish control criteria to enable control life cycle management

5.         Information Systems Control Monitoring and Maintenance:  Monitor and maintain information systems controls to ensure they function effectively and efficiently. 

• Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems controls.

• Collect information and review documentation to identify information systems control deficiencies.

• Review information systems policies, standards and procedures to verify that they address the organization's internal and external requirements.

• Assess and recommend tools and techniques to automate information systems control verification processes.

• Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity.

• Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated.

• Maintain sufficient, adequate evidence to support conclusions on the existence and operating effectiveness of information systems controls.

• Provide information systems control status reporting to relevant stakeholders to enable informed decision making.

6.         IT Policies/Governance and Compliance

• Coordinate the development and ongoing maintenance of other IT policies and procedures.

• Ensure that all IT policies and procedures are compliant with regulatory requirements.

• Maintain a schedule of policy review and submission to the board for approval

7.       Audits and Reviews Preparation and Facilitation

• Serve as liaison to auditors, consultants, and the bank Compliance Committee regarding documentation and review of information compliance.

• Communicate audit and review results to appropriate parties; ensure that issues are addressed and corrective actions are implemented.

• Keep a tracking action list of all audit issues.

 

 

 

 

Contributing Responsibilities

Technical & Behavioral Competencies

  • 12 years or more of IT Infrastructure/ Audit experience, preferably with a Financial Services, Brokerage, or Public Accounting Firm
  • Strong technical and analytical skills and willingness to learn and keep up with industry, regulatory and technical developments.
  • A detailed understanding of Cyber Security and IT Security and experience in at least one of the following: vulnerability and patch management; threat intelligence and information sharing; secure application development; intrusion detection and incident response; security logging and monitoring and analytics; identity management and access control; encryption and data protection; data leakage prevention and digital rights management.
  • Ability to partner with Technology, Production Security and IT security and work within a team
  • Strong written and verbal communication skills. Report writing skills are required.  Must be able to summarize and communicate technical data to a non-technical audience
  • Bachelor’s Degree (Computer Science or IT related preferred)

Specific Qualifications (if required)

  • CISA, CISSP or CPA certification a plus

        

Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Ability to collaborate / Teamwork

Active listening

Communication skills - oral & written

Decision Making

Transversal Skills: (Please select up to 5 skills)

Analytical Ability

Ability to understand, explain and support change

Ability to develop others & improve their skills


Education Level:

Bachelor Degree or equivalent

Experience Level

At least 12 years

Other/Specific Qualifications (if required)

 






Primary Location: IN-MH-Mumbai
Job Type: Standard / Permanent
Job: INFORMATION TECHNOLOGY
Education Level: Secondary Education
Experience Level: At least 12 years
Schedule: Full-time
Behavioural competency: Ability to collaborate / Teamwork, Decision Making, Organizational skills, Critical thinking, Communication skills - oral & written, Ability to share / pass on knowledge, Active listening
Transversal competency: Analytical Ability, Ability to develop others & improve their skills, Ability to inspire others & generate people's commitment, Ability to manage a project