The bank for a changing world

We are looking for

Senior Associate - IT Risk and Cyber Security

Apply REF: IND000188
About the Company :
BNP Paribas Group is a leading European bank with a strong global footprint across 72 markets and more than 202,000 employees. The Group provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a leading bank in Europe with an international reach. With delivery centers located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner various business lines of BNP Paribas such as Corporate and Institutional Banking, Wealth Management, Retail Banking through three verticals - Information Technology, Operations and Finance Shared Services.

Security risk management policy (SRM-L2-00), and aligned with the Group 2OPC approach related to risks cartography (CG0121EN and COP0028EN).

Cross references to Risk analysis methodology user guide (SRM-L4-01) are also provided to aid comprehension of the risk analysis methodology proposed by GGS (which is based on EBIOS methodology).

Risk level is the combination of the severity of impacts (or consequences), that can be assessed through the Impact Severity Matrix sheet, and of the likelihood for a feared event, that can be assessed though the likelihood Matrix sheet.

For Impact study please consider the below support information:

Impact severity level is used to assess risk level (in combination with likelihood of threat scenarios) and relies on the potential consequences of a feared event on an essential asset (to be assessed by the business).

 For a feared event, the severity level can be different depending on each type of impact. Hence, the final severity level for each feared event should correspond to the highest severity level assessed amongst all impact types;

 Criticality of assets is bound to security needs, to be evaluated for Confidentiality, Integrity, Availability, and Traceability (combines Non-repudiation and Authenticity);

 Sensitivity is used to describe the criticality of data and information. Sensitive data hence means that this data or information is a critical asset, in particular in terms of Confidentiality (but it may also concern other security needs);

 Although impacts with high severity levels are more likely when essential assets are concerned, criticality level is not directly used to calculate risk level (severity level is used instead).

Job Title:

Senior Associate


Position Purpose

To Manage BP2S Global IT Risk activities from Chennai as extended team of Paris IT Risk team.

To Manage ISAE 3402 Audit for BP2S Global IT Risk and Cyber Security Team.

Direct Responsibilities


 Action Plans RCP

 Exceptions ISAE3402

 Recommendation IG

 Action Plans Incidents





 Lines of Defence: 1st, 2nd, 3rd

 Risk Committees

 CIO & Comex IT 

Contributing Responsibilities

ISAE 3402 – IT Risk Audit

To deals with assurance engagements undertaken by an auditor to provide a report for use by user entities and their auditors on the controls at a service organization that provides a service to user entities that is likely to be relevant to user entities' internal control as it relates to financial reporting.

Primary Location: IN-TN-ChennaiJob Type: Standard / PermanentJob: PROCUREMENT OR SECURITY OR FACILITIES MANAGEMENTEducation Level: Bachelor Degree or equivalent (>= 3 years)Experience Level: At least 5 years Behavioural competency: Adaptability, Proactivity, Critical thinking, Ability to share / pass on knowledgeTransversal competency: Analytical Ability, Ability to manage / facilitate a meeting, seminar, committee, training…, Ability to set up relevant performance indicators, Ability to anticipate business / strategic evolutionReference: IND000188