About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, the European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees to provide support and develop best-in-class solutions.
About BNP Paribas Group:
BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.
Commitment to Diversity and Inclusion
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.
About Business line/Function:
The Group RISK ORM Network Operational Risk Officer is part of the Group RISK Function within BNP Paribas. The department has responsibility for steering and reporting on the Group’s Operational Risk Management framework and status. It is the independent second line of defense on operational risk management activities of the Group, including on Information and Communication Technology risk management activities.
Job Title: Operational Risk Officer - Outsourcing RISK (Head of Common Outsourcing Controls Execution Platform - COCEP)
Date: 27-Jan-2025
Department: Group RISK ORM
Location: ISPL, Mumbai
Business Line / Function: Group RISK ORM Network
Reports to (Direct): Head of RISK ORM Network, India CoE
Reports to (Functional): Group Head of ICT Controls Testing
Grade (if applicable): VP1
Number of Direct Reports: N/A
Directorship / Registration: N/A
Position Purpose
RISK Operational Risk Management (RISK ORM), created in early 2021 to oversee operational risks within the mandate of the RISK function, is organised, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 Poles: RISK ORM Framework, RISK ORM Technology & Transversal Risks and RISK ORM Network.
Under the authority of the Pole’s Manager, RISK ORM Network is made up of all the Operational Risk Officers (OROs) acting as the second line of defence (LoD2) within the Group’s operational entities (Poles, Business Lines, Functions, Transversal Activities).
In this context, the Head of Common Outsourcing Controls Execution Platform (COCEP), whose missions are presented below, reports hierarchically to the head of RISK ORM COE ISPL and functionally to the Group Head of ICT Controls Testing. He/she:
• Contributes to protecting the Bank by securing the oversight of the completeness and quality of the outsourcing register (360 RiskOp Arrangement module) to guarantee an accurate oversight of outsourcing arrangements and their characteristics,
• Assures the accuracy and data quality of regulatory reporting (e.g. CASPER) and notifications (e.g. IMAS),
• Ensures the homogeneity, robustness and effectiveness of the outsourcing controls executed by the LoD1 by implementing the LoD2 controls execution platform across Poles and Functions,
• Facilitates and pilots the outsourcing operational risk management framework.
The success of the COCEP relies on building trusted partnerships with stakeholders, particularly with the RISK ORM Framework, TPRM and Network community, and more globally with all entities of the Group.
The COCEP team plays a key role in assessing the Bank’s Outsourcing risk posture. By ensuring, through LoD2 controls, that the data of the outsourcing register is accurate, complete, meaningful, and up to date, the team facilitates the decision-making process for working with given providers and for delegating all or part of operational processes to internal or external service providers.
In addition, it contributes to the measurement of the effectiveness of the mechanisms implemented through the execution of controls and facilitates the production of indicators to proactively propose a common understanding of the third-party risks.
Within the COCEP team, the Head of COCEP contributes with his/her team to identifying and reducing risks on activities delegated to third-party service providers and thus improves the efficiency of the overall activities for the Bank.
Responsibilities
Direct Responsibilities
Main missions of the Head of COCEP
Manage the Common Outsourcing Controls Execution Platform (COCEP) activities relying on existing best practices of the Common ICT LoD2 Control Execution Platform (CICEP) model:
• Implement and structure the COCEP:
  - Roles & Responsibility between COCEP and OROs,
  - Governance model.
• Manage the industrialisation and the practice of the COCEP:
  - COCEP indicators enabling the pilotage of the activity,
  - Capacity management and yearly roadmap,
  - Yearly analysis of the Control points results and lessons learnt.
• Lead and manage the COCEP team to perform their missions:
  - Define the COCEP planning,
  - Manage the team locally (objectives, appraisals, and related administrative tasks).
• Oversee the process of the outsourcing register data quality of regulatory reporting:
  - Track, cascade and manage the process to remediate data quality anomalies for CASPER regulatory reporting,
  - Perform cross-business consistency analysis to identify inconsistencies or incorrect qualifications in the register,
  - Ensure consistency between the outsourcing register critical outsourcing arrangements data and IMAS portal,
  - Ensure consistency between the outsourcing register and the exit strategy standard documentation (e.g. alignment between the exit plan and the outcome of assessment of the service provider’s substitutability, the substitutability modality, and the time of service provider’s substitutability).
• Verify the compliance of outsourcing regulatory documentation:
  - Verify, with the related OROs, the alignment between the draft record in IMAS portal and the content of the notification template submitted at the Validation Committee,
  - Verify, with the related OROs, that the exit strategy documentation is available and compliant with the Group format.
• Execute LoD2 controls on outsourcing GCL (RISK0418):
  - Define with the Heads of ORO Poles and Functions the yearly LoD2 controls plan,
  - Perform the defined LoD2 controls plan, share the results with the related OROs and ensure that the related potential permanent control action plans are recorded in 360 RiskOp.
• Pilot the COCEP activities:
  - Produce a periodic report analysing the outsourcing operational risk management including the data quality indicators improvements and the LoD2 controls results analysis,
  - Manage the COCEP steering committee process chaired by the Head of RISK ORM Network,
  - Produce operational reporting (link with RISK ORM COE ISPL reporting stream).
The Head of COCEP reports to the Group Head of ICT Controls Testing and locally to the Head of RISK ORM COE ISPL. He/she actively collaborates with RISK ORM Framework and Technology & Transversal risks teams and works with the operational risk officers (ORO), outsourcing coordinators, operational permanent controllers (OPC), and subject matter experts (SME).
Scope covered and organisation.
The scope applies to all entities for which RISK ORM acts as a second line of defence.
In addition to the elements of this document, the outsourcing framework, generic control libraries (GCL) and the operational role of the OROs are notably described in the procedures “Second line of defence’s roles and responsibilities on the operational risk management framework” (RISK0401), “LoD2 control activities on the LoD1 control framework” (RISK 0414), “Group Policy pertaining to Outsourcing Risk Management Framework” (RISK0417), “Generic Control Library relating to outsourcing risks” (RISK0418) and “ORO Role and Responsibilities in the outsourcing process” (ORM0005).
Lastly, the legal and regulatory requirements of third-party risk management notably include the EBA guidelines on Outsourcing Arrangements, EU DORA, UK PS7/21, UK SS2/21, Solvency II, and the US FDIC-OCC guidance on third party relationship risk management.
Required profile
To meet the requirements of this position, the Head of COCEP will be expected to have good fluency in risk analysis and monitoring, acquired through professional experience in a team in charge of operational processes or managing operational risk in the first or second line of defence.
In addition, a good mastery of implementing and leading RISK governance in an equivalent environment is essential.
Moreover, general knowledge of LoD2 control management, third-party risk management, analysis and monitoring will be sought given the importance of technology in the Group's business processes.
Validated managerial experience in a functional environment is also required.
We expect the Head of COCEP to have a good ability to lead a group / a team / a community, coaching (mentoring) qualities in order to bring his/her interlocutors to decision-making, the ability to mobilise his/her direct and indirect network, a good sense of responsibility and commitment, as well as the ability to develop a vision and share it to generate commitment.
Last, good analytical skills, a solid critical mind, the capacity to synthesize / simplify, to communicate orally and in writing, to lead meetings and committees, to challenge the existing and propose solutions (change management), to be pragmatic in analysis and action, to work in collaborative mode in a changing environment while respecting deadlines, and to be rigorous will allow the new Head of COCEP to take on his/her new responsibilities in the best conditions.
Contributing Responsibilities
Collaboration at the India CoE level with Head of India CoE, including but not limited to the CoE level reporting requirements
Effectively contribute to the CoE, RISK India Hub and ISPL on Group mandates, Objectives and priorities
Help and contribute to making the CoE a positive place to work
Technical & Behavioral Competencies
SKILLS, EXPERIENCE AND COMPETENCIES
To meet the requirements of this position, the COCEP Outsourcing Risk Officer will be expected to have good fluency in risk analysis and monitoring, acquired through professional experience in a team in charge of operational processes or executing operational risk activities in the first or second line of defence.
Moreover, general knowledge of LoD2 control management, third-party risk management, analysis and monitoring will be sought given the importance of technology in the Group's business processes.
We expect the COCEP Outsourcing Risk Officer to have good relationship skills to work efficiently in a group / a team / a community, communication qualities to be able to bring his/her interlocutors to decision-making and relay key messages, the ability to mobilise his/her direct and indirect network, and a good sense of responsibility and commitment.
Last, good analytical skills, a solid critical mind, the capacity to synthesize / simplify, to communicate orally and in writing, to lead meetings and committees, to challenge the existing and propose solutions (change management), to be pragmatic in analysis and action, to work in collaborative mode in a changing environment while respecting deadlines, and to be rigorous will allow newcomers to the COCEP team to take on their new appointment in the best conditions.
Skills Preferred
- Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements.
- Is self-aware, anticipates problems, adapts and meets them head on.
- Strong stakeholder management, relationship building, influencing, facilitating and presenting skills.
- Is solutions focused – measures their output on whether issues, problems or challenges are resolved as a criterion for success.
Conduct:
- Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.
Specific Qualifications (if required)
University degree (technical), and/or certification on Risk Management
Skills Referential
Behavioural Skills:
Attention to detail / rigor
Ability to deliver / Results driven
Personal Impact / Ability to influence
Creativity & Innovation / Problem solving
Transversal Skills:
Ability to anticipate business / strategic evolution
Ability to develop and adapt a process
Ability to develop others & improve their skills
Ability to set up relevant performance indicators
Ability to develop and leverage networks
Education Level:
Bachelor Degree or equivalent
Experience Level
At least 12 years
Other/Specific Qualifications (if required)
- Professional qualifications/trainings relevant to technology and/or Outsourcing Risk, Risk Management, Information Security, Operational Risk, Cloud Security