About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.
About BNP Paribas Group:
BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability
Commitment to Diversity and Inclusion
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.
About Business line/Function:
ITTF IRM is a unique community of Transversal, Finance and RISK Projects & Systems along with their related IT teams. ITTF comes under ITG.
Job Title:
Third Party Technology Risk Management Analyst/ Consultant
Date:
Department:
Germany-TPTRM
Location:
Bangalore
Business Line / Function:
ITG
Reports to:
(Direct)
Grade:
(if applicable)
(Functional)
Number of Direct Reports:
Directorship / Registration:
NA
Position Purpose
The role of the Third-Party Technology Risk Management Analyst / Consultant is to implement the set of operational activities to be carried out within BNP Paribas (Group & entities) to manage ICT & Cyber risks for the beneficiaries of sourcing (Outsourcing, purchasing & shoring) initiatives supported by ICT service providers and third parties involved in ICT projects or business projects with ICT components. She/he can operate within TPTRM scope governance, providers, beneficiaries & SMEs spread throughout global region. As part of his role, she/ he will have to work closely with German stakeholders. Especially, she / he will help clients assess the risks associated to their arrangement and provide recommendations for managing those risks..
Responsibilities
Direct Responsibilities
· Perform third-party technology risk assessments to help beneficiaries/contract owners identify and evaluate business and technology risks related to their arrangements, and provide recommendations for managing those risks
· Define the contractual ICT security requirements applicable to the arrangement to protect confidentiality, integrity and availability of Beneficiary data and systems
· Provide periodic status updates (KPIs/KRIs) including potential risks and delays to the project delivery to beneficiary project manager, conduct workshops wherever necessary
· Review thoroughly asset classifications and pre-existing asset related risks & control responses ensuring sync with TPTRM assessments responses
· Select the requirements to include in the specific ICT due diligence questionnaires to be sent to the shortlisted suppliers and analyze the provider’s feedback
· Support the Beneficiary answering ICT Security questions from the provider as part of the contract negotiation process
· List of the risks that should be formalized in a risk management plan given the third party's answers and report on the third party's ability to manage risks
· Support the Beneficiary recording the arrangement data in the various Group registers (ServiceNow, RISK360, etc.)
· Ensure periodic review of ICT arrangements and contracted ICT services
· Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Incident Response, Risk Management, Privacy and Data Protection, Encryption.
Contributing Responsibilities
Direct Responsibilities
· Perform third-party technology risk assessments to help beneficiaries/contract owners identify and evaluate business and technology risks related to their arrangements, and provide recommendations for managing those risks
· Define the contractual ICT security requirements applicable to the arrangement to protect confidentiality, integrity and availability of Beneficiary data and systems
· Provide periodic status updates (KPIs/KRIs) including potential risks and delays to the project delivery to beneficiary project manager, conduct workshops wherever necessary
· Review thoroughly asset classifications and pre-existing asset related risks & control responses ensuring sync with TPTRM assessments responses
· Select the requirements to include in the specific ICT due diligence questionnaires to be sent to the shortlisted suppliers and analyze the provider’s feedback
· Support the Beneficiary answering ICT Security questions from the provider as part of the contract negotiation process
· List of the risks that should be formalized in a risk management plan given the third party's answers and report on the third party's ability to manage risks
· Support the Beneficiary recording the arrangement data in the various Group registers (ServiceNow, RISK360, etc.)
· Ensure periodic review of ICT arrangements and contracted ICT services
· Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Incident Response, Risk Management, Privacy and Data Protection, Encryption.
Contributing Responsibilities
· Instruct the 5 European Bank Authority ICT risks categories and follow them throughout TPTRM assessments
· Participate in Initialization Committee/ Validation Committee & Go-Live committee for Supporting specific arrangements and results
· Provide support to beneficiary / contract owner to implement residual actions
· Facilitate the business/sponsor/beneficiary/SME decision-making with deep analysis based on relevant flagged risk families
· Provide support to contract owners and coordinate/ assist to ensure proper assessments are done
· Manage TPTRM inventory with follow-up tracker management
· Contribute to process improvement, upkeep with new policies, regulations, standards & guidelines
Technical & Behavioral Competencies
Functional Skills
· Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation.
· Experience in the Finance & IT industry with a strong exposure to IT Operations, Application Security, and/or network administration, IPS
· Demonstrate knowledge of Risk & Compliance, cybersecurity, cyber risk, cyber threats, Third Party Technology Risk Management/ Vendor assessments
· Working knowledge of global regulations, frameworks and standards (ISO, NIST, COBIT, PCI-DSS, HIPAA) and conversant in the tactics, techniques and procedures used by Risk adversaries.
· Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
· Good IT knowledge
Technical :
- Good understanding of organizations and IT Businesses
- Good technical understanding of infrastructures and IT Security Productions and Systems
- IT risk /Third Party risk analysis and management methods and should have worked on Risk Management Tools like, ServiceNow etc.
- Knowledge of Cyber Resilience, IT continuity and business continuity
- GRC - Governance, Risk Management and Compliance Management.
- Firewall and Internet technologies; Cloud Security, Banking Tools & Technologies.
- Secure access control mechanisms; Encryption and Key management technics
Behavioral :
- Strong Communication, Analytical and problem-solving skills.
- Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills
- Good documentation and reporting skills
- Ability to work independently
- Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back-office users
- Good communication, technical writing/diagramming skills
- Attention to detail and accuracy
Specific Qualifications (if required)
- One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CEH, CRISC, OSCP or Security+.
- IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.
- IT Auditing (ISO27001/2, NIST 800 Series, ISO27005, ISO42001)
- Regulatory Compliance
MBA in Finance/Systems/IT, Master’s in Technology, Bachelor of Commerce, Master’s in Commerce, Bachelor in Science, Bachelor in Technology
Skills Referential
Behavioural Skills: (Please select up to 4 skills)
Communication skills - oral & written
Attention to detail / rigor
Ability to deliver / Results driven
Creativity & Innovation / Problem solving
Choose an item.
Choose an item.
Choose an item.
Transversal Skills: (Please select up to 5 skills)
Analytical Ability
Ability to manage a project
Ability to understand, explain and support change
Ability to develop and adapt a process
Ability to anticipate business / strategic evolution
Choose an item.
Choose an item.
Choose an item.
Choose an item.
Choose an item.
Education Level: Bachelor Degree/ Master Degree or Equivalent
Choose an item.
Experience Level 5-7 years and 3-5 years
Choose an item.
Other/Specific Qualifications (if required)
CISA/CISSP/CISM/CRISC
