We are looking for

Senior Associate - IT OPC

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

About BNP Paribas Group:

BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business Line/Function:

ITG is a group function established recently (2019) in ISPL with presence in Mumbai, Chennai, Bengaluru. We collaborate with various business lines of the group to provide IT Services.

The Territory Service Center (TSC) offers a full suite of security services to Austrian and German business lines of BNP. It collaborates with the business, strengthens security-by-design, and closely manages all areas of IT-Risk.

Job Title:

 IT-OPC (Operational Permanent Control) Professional 

Date:

 28-Aug-2025

Department:

Territory Service Center 

Location:

India

Business Line / Function:

ITG

Reports to (Direct):

ISPL ITG Manager

Grade (if applicable):

Reports to (Functional):

IT Risk Cyber Governance - IT - Risk & Permanent Control Team Manager, TSC Germany

Number of Direct Reports:

Not applicable

Directorship / Registration:

NA

Position Purpose

This position is part of the IT-Risk & Cyber Security team, which serves all entities of the BNPP Group in Germany and Austria.

The mission of the IT-OPC Professional, in accordance with the defined policy, is to assure that there are no gaps left uncovered in terms of IT-Risk assessment and corresponding permanent controls, and that operational governance is in place in all IT teams. From an IT-OPC perspective, the role covers all activities which are in the scope of the served entities (local, central and outsourced activities).

 Risk assessments, 1st level controls and testing of the effectiveness of IT and Information Security solutions are a major part of the daily task list. 

Further tasks include outsourcing monitoring / Third Party Risk Management and assessment, monitoring and reporting of Shadow IT situations.

Support IT teams in implementing compliance with BNP Paribas requirements, follow up and control the corresponding tasks, and monitor regulatory changes.

 Operational incident management: Monitoring and assessing IT incidents for real or potential losses.

Support of access rights controls – reconciliation and recertification of access rights in close cooperation with corresponding IT admin teams.

 Close cooperation is necessary with the operational IT teams, the local OPC team and the central IT-OPC organization.

Responsibilities

 

Direct Responsibilities

-  To ensure consistency of approach, methodology, reporting, business alignment in regard to risk assessments and management, control frameworks, control design and effectiveness, testing, evidence, reporting.

 -  Provides control and risk expertise for the business unit/functions in his (her) area.

 -  Working with technology stakeholders (including operational production and development teams) to identify IT-Risks impacting the firm and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls.

 -  Contributes to the definition and development of procedures, in line with head office policies.

 -  Providing independent expert advice to the IT areas on operational risk issues.

 -  Executing IT-Risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to define appropriate mitigation plans. 

 -  Performs 1st level analysis of IT and IT-Security controls and assesses the related impacts; supports 2nd controls and provides reports to the second line of defence.

 -  Reviews regularly the registry of operational IT-Risks and corresponding controls plans and prepares management status reports.

 -  Checks the robustness and efficiency of the IT and IT Security controls according to the requirements defined by the IT-Risk Manager of his (her) area.

 -  Monitoring and oversight of existing IT-Risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate.

 -  Contributes to the monitoring and management of IT-related nonconformities. 

 -  Assure compliance of the IT and Information Security framework with BNPP group policies and procedures.

 -  Engaging with firm wide risk and control groups, including internal audit and territory control teams. 

 -  Assisting with risk treatment statements and co-ordinating sign-off from business and IT stakeholders.

 -  Maintain dashboards and control sheets.

 -  Accompanies, coordinates, and supports internal and external audits of the IT function in his (her) area.

 -  Follows up progress and closure of recommendations of internal and external audits of the IT function in his (her) area, along with an appropriate reporting.

-  Rolling out risk awareness actions to enhance IT-Risk culture in IT teams and business teams (e.g. reminders of the need for proper software user acceptance tests before each release, and of the need-to-know principle in access rights requirements).

Technical & Behavioral Competencies

 -  Experience in a risk/control/compliance/governance role e.g. OPC, Audit

-  IT / IT security experience

-  Proficiency in MS Office and related applications (Word, Excel, PowerPoint, Visio and SharePoint).

Specific Qualifications (if required)

 -  Knowledge of Information Security principles and Information Systems Security standards like: 

o    ISO 27001

o    ISO 27002

o    ISO 27005 Risk Management (Information Security Risk Management) 

o    NIST Cyber Security Framework (CSF)

-  ISACA Certified Information Systems Auditor (CISA) certification is a plus

Skills Referential

Behavioural Skills:

Communication skills - oral & written

Ability to collaborate / Teamwork

Ability to synthesize / simplify

Attention to detail / rigor

Transversal Skills:

Analytical Ability

Ability to understand, explain and support change

Ability to develop and adapt a process 

Ability to manage / facilitate a meeting, seminar, committee, training…


Education Level: 

 Bachelor Degree or equivalent

Experience Level

At least 5 years

Other/Specific Qualifications (if required)









Interested in our offer? Don't wait any longer!