Third Part Risk Management (TPRM) Officer BNP Paribas Riks Hub

GROUP BNPPARIBAS

BNPParibas Group is the top bank in the European Union and a major internationalbanking establishment. It has close to 196,000 employees in 73 countries. InSpain we are more than 5,100 employees within 13 business lines.

RISK HUB

RISK is anintegrated and independent control function of the BNP Paribas Group. It is thesecond line of defense on the risk management activities of the Group which areunder its direct responsibilities, including credit and counterparty risk,market risk, funding and liquidity risk, interest rate and foreign exchangerisks in the banking book, insurance risk, operational risk, and environmentaland social risks.

RISK aimsat being a partner of the businesses by contributing to their sustainabledevelopment, but also a gatekeeper to ensure risks taken remain compatible withthe Group’s Risk Appetite and its strategy. 

RISKIberian Hub Madrid is a transversal platform servicing the RISK Function bycovering added-value activities around credit risk, market risk, operationalrisk and data protection. Offering a wide range of services to RISK teams, fromconsulting to cyber security going through data analysis, modelling orartificial intelligence.

BUSINESS AREA OVERVIEW

Located in the RISK Function of BNP Paribas, RISK ORM Network is made up of all the Operational Risk Officers(OROs) acting as the 2nd line of defense within the Group’s operational entities(Poles, Business Lines, Functions, transversal Activities).

RISK ORM 2S (Operational Risk Management) belongs to RISK ORM CIBand is placed under the responsibility of the Head of RISK ORM CIB 2S and theChief Risk Officer for Securities Services.

The department has responsibility for independently challenging andsupervising the Operational Risk management of Securities Services activitieson a worldwide scope. This is achieved through: framing operational riskmethodology and disseminating of risk management culture; assessing theadequacy of the operational risk management set-up; controlling effectivenessof the control environment; contributing to the detection, anticipation andresponse to risks; alerting CIB and RISK stakeholders on any significant riskissue; providing a consolidated view on Securities Services operational risksprofile.

RISK ORM 2S teams are composed of 2 central teams as well as localteams in the different countries where Securities Services has activities.

RISK ORM 2S TTR & 2S Specific is one of the 2 central teams. Asthe second line of defence (2LoD) for Transversal & Technology risks, whichencompasses Fraud, ICT, TPRM and Operational Resilience risks, the team has theresponsibility to identify the key TTR risks of Securities Services and ensureBusiness and IT partners deploy sound risk management to mitigate those risks.Additionally, the team is in charge of several 2S specific topics. The team iscomposed of 4 people located in Paris and Madrid. The team works in closecollaboration with RISK ORM 2S teams, Securities Services teams and RISK ORMCIB teams, in particular with RISK ORM CIB TTR

PURPOSE OF THE ROLE

RISK ORM2S TTR & 2S Specific team 1st missionis to challenge the Operational Risk Management Framework implemented bySecurities Services to mitigate Fraud risks, ICT risks, TPRM risk andOperational resilience framework.

On TPRM(Third Party Risk Management), the team’s role is to check and challenge theframework implemented by Securities Services to assess and mitigate risksrelated to Third Parties. Within the team the role exists to supervise andindependently oversee those risks and to deploy and coordinate Lod2 activitiesamong the RISK ORM 2S network.

RISK ORM2S TTR & 2S Specific team 2nd missionis to provide visibility on the Operational Risk Framework to 2S Clients, andto provide 2S CRO and 2S Executive Management with consolidated overview andregular updates on 2S operational risks profile.

The rolealso encompasses the delivery of those consolidated overview and regularupdates.

SCOPE OF THE ROLE

The scope covered applies to operational risks to which SecuritiesServices is exposed, and for which RISK acts as a second line of defence

KEY RESPONSIBILITIES OF THE ROLE

The candidate will be responsible of the independent oversight ofthe Third-Party Risk Management (TPRM) framework implemented by SecuritiesServices teams and the coordination of Lod2 activities within RISK ORM2S. 

The oversight framework will encompass the below pillars:

• Framework: to review,analyse and challenge Securities Services TPRM framework consistently withGroup Policy pertaining to Outsourcing Risk Management and the Risk Managementof External Suppliers, and validate any exemption to these norms and standards,in alignment with RISK ORM CIB TTR approach
• Governance: toparticipate and represent RISK ORM 2S within TPRM committees at CIB and 2Slevel
• Risk Identification andAssessment: to challenge and verify Securities Services riskidentification, ensure the consistency of “severe but plausible” scenarios andtheir quantification, to challenge TPRM risks assessment embedded in projectsand new activities
• Risk Treatment and Decision: tooversee of the risk treatment process (risk acceptance, risk transfer, riskremediation) and remediation plans (incident review, post mortem analysis…)defined by Securities Services, to oversee the actions defined to implementRegulators and other resolution authorities conclusions and recommendations,and to validate closure of permanent control actions
• Testing: to coordinateand perform independent testing controls on Securities Services control planson TPRM risk
• Reporting, Monitoring and Alert:to contribute to RISK ORM opinions on 2S TPRM risk profile for Internal controlcommittees and reporting, and to alert Senior Management and stakeholders oncritical points for attention
• Awareness / Training / Animation:to promote and drive awareness on TPRM risks across RISK ORM 2S community.

To do so, the candidate will work in close collaboration with RISKORM CIB TTR in charge of defining the Lod2 activities framework for RISK ORMCIB TTR perimeter, with RISK ORM 2S network and with Securities Services CCCOteams.

The candidate will also contribute to the other missions of theteam. In particular, the candidate will be in charge of ensuring the deliveryof the regular updates on 2S operational risks profile to 2S CRO and 2SExecutive Committee, and of the coordination of the annual permanent controlreport for Securities Services. This mission includes an in-depth review of theexisting process to improve efficiency and review the output to foster andenhance risk management view. 

To this aim, the candidate will work in close collaboration with RISKORM 2S other central team and local teams, as well as with Securities ServicesCCCO teams

SKILLS & EXPERIENCE REQUIRED

• Ability to identify and challenge the TPRM risks faced by SecuritiesServices business activities and to check and challenge the risk assessmentprovided by 1LoD by demonstrating credibility and expertise
• Ability to foster TPRM Framework knowledge among RISK ORM 2Scommunity and coordinate TPRM check and challenge activities
• Ability to expend expertise on TPRM Group framework and procedures(via training and community meetings and self-education) in a context of fastevolving framework and expending scope of Third-Party risks (Outsourcing,shoring, purchasing, …)

SPECIFIC REQUIREMENTS

• Suitable experience (5+ preferred) 
• Experience in Operational Risk Management or in Third Party RiskManagement
• Experience in management of transversal projects or in Auditrole
  • Knowledge of Securities Services organizationand key stakeholders is a plus
• Bachelor’s degree in business or risk management, InformationTechnology (or equivalent professional qualification).
• High interest for acting within the 2nd line of defence control function, to protect and servethe bank by performing oversight activities
• Team player: ability to communicate, co-operate and work well withother teams. Working well both with others, as well as individually
• Ability to evolve in a transforming environment and to accompany thechange
• Ability to review, adapt and enhance processes
• Good analytical skills and synthesis skills
• Being rigorous and thorough – especially when logging and trackingissues through to conclusion
• Ability to manage their workload as to meet the realistic targetsand priorities set in conjunction with management
• Ability to express views clearly and fluently, both orally and inwriting. Considers the audience, avoiding technical jargon wherever necessaryand appropriate
• Demonstrating a good understanding of delivery within timeconstraints and the need to escalate/inform departmental management asappropriate

COMPETENCIES

• Excellent written and verbal communication skills
• Proficient with Microsoft Office Suite
• Fluent English spoken and written is mandatory

CONDUCT

• Be a role model, supporting and fostering a culture of good conduct
• Demonstrate proactivity, transparency and accountability foridentifying and managing conduct risks.
• Consider the implications of your actions on colleagues, partnersand clients before making decisions, and escalate issues to your manager whenunsure

OUR BENEFITS

• Trainingprograms, career plans and internal mobility opportunities, national andinternational thanks to our presence in different countries
• Diversityand Inclusion Committee that ensures an inclusive work environment. In recentyears, several employee communities have been created to organize diversity andinclusion awareness actions (PRIDE, We Generations and MixCity)
• Corporatevolunteering program (1 Million Hours 2 Help) in which employees can dedicatetime out of their working hours to volunteer activities
• Flexiblecompensation plan
• Hybridtelecommuting model (50%)
• 31vacation days

Diversity and inclusion commitment 

BNPParibas Group in Spain is an equal opportunity employer and proud to provideequal employment opportunity to all job seekers. We are actively committed toensuring that no individual is discriminated against on the grounds of age,disability, gender reassignment, marriage or civil partnership status,pregnancy and maternity/paternity, race, religion or belief, sex or sexualorientation. Equity and diversity are at the core of our recruitment policybecause we believe that they foster creativity and efficiency, which in turnincrease performance and productivity. We strive to reflect the society we livein, while keeping with the image of our clients.