Job Description

About BNP Paribas India Solutions:Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union\xe2\x80\x99s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai, and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.About BNP Paribas Group:BNP Paribas is the European Union\xe2\x80\x99s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group\xe2\x80\x99s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group\'s performance and stabilityCommitment to Diversity and InclusionAt BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected, and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, color, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.About Business line/Function:The Third-Party Technology Risk Management (TPTRM) Team is responsible for identifying and assessing risks relating to Information Security, Cyber Security, Business Continuity and Physical Security arising out of the Third Parties providing services to BNP Paribas, globally. This includes policy, governance, risk management, reporting and ownership of the lifecycle of Security Risk Assessment of the Third Parties.Job Title:ManagerDate:Department:Third Party Technology Risk Management (TPTRM)Location:MumbaiBusiness Line / Function:IT SecurityReports to:(Direct)VP - Third Party Technology Risk Management (TPTRM)Grade:(if applicable)(Functional)Number of Direct Reports:5-10Directorship / Registration:NAPosition PurposeThis role will be responsible for managing TPTRM globally, in guidance to BNPP Group direction, regulatory requirements. This role requires overseeing the Third-party risks across territories, collaborating with group, regional and local territory stakeholders from procurement, outsourcing, and local security teams to manage the program governance, Assessments, escalation of risk & reporting through various risk centric committees at territory, regional and global managements.ResponsibilitiesDirect Responsibilities Manage Third Party Technology Risk Management program following the SLA for governing vendor assessments, reporting & other activities in relation to the Third-Party Technology Risk Management project. Complying group\xe2\x80\x99s TPTRM program with Group Policies and procedure, local & regulatory requirements Closely monitor the progress of TPTRM assessments across APAC, EMEA, NAR and ensure timely completion of assessment for in scope vendors, escalation and reporting to local & regional managements. Collaborate with local security teams across regions and territories for cascading TPTRM framework, policies, procedures, and approach to drive the program efficiently. Collaborate with SME teams across regions and territories for necessary coverage of reviews for Third Party vendors & applications/systems. Perform Quality review for assessment report delivered by assessors, local and territory local security teams for adequacy of coverage of risk areas. Responsible for TPTRM control testing is performed by second LOD (RISK ORC), Inspection General, in relation to the Global/ Regional TPTRM policies, regulatory guidelines. Be the central POC for regions and territories for handling queries regarding TPTRM topics from global, regional, and local teams and interest parties. Participating and presenting Supplier risks in periodic risk centric committees at territory and regional level. Responsible for managing projects, tooling in aligning TPTRM activities and workflows, and managing maintaining all documentation, repository of assessment data in central database. Responsible for reconciling and presenting regulatory reporting in technology risk committees at territory & regional level Identifying and reporting/ escalating potential areas of risk/ non-responses to stakeholders and Sr. Management.Contributing Responsibilities Closely working with regional Business Information Security to adopt best practices in region on outsourcing risk management guidelines covering various regulators. Participating in initiatives taken by group or region to enhance existing Third-party Technology risk management policies, processes, methodologies in the best interest of BNPP Group. Participate in local, territory & regional statutory, information security & regulatory audits pertaining to compliance with Third Party Technology risk management framework and compliance.Technical & Behavioral Competencies Ideally in financial services with minimum of 10-12 years of experience in Third Party Technology Risk Management background. Bachelor\'s degree with professional certification in Information, Cyber, Network and Cloud Security. Experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2, ISO 31000, GDPR, SOC assessments, etc. Strong knowledge in IT security risk assessments, IT Security controls Experience in Governance, Risk & Compliance (GRC) tools an advantage. Experience in managing a team with direct reportees and should have worked closely with various functions of management Monitor and evaluate team performance and provide regular feedback Effective verbal and written communication skills, with demonstrated ability to communicate with Sr. Management stakeholders CISO\xe2\x80\x99 COO\xe2\x80\x99s and CIO\xe2\x80\x99s. Proficiency in Microsoft Word, PowerPoint, Project Very strong work ethic and ability to deal with confidential information. Experience with a multicultural environment Ability to coordinate actions from different teams across time zones Strong problem-solving and analytical skills The ability to identify risks and develop appropriate responses Demonstrate excellent relationship management and conflict management capabilities to guide the client/vendor relationship through such experienceSpecific Qualifications (if required)Skills ReferentialBehavioural Skills: (Please select up to 4 skills)Ability to collaborate / TeamworkDecision MakingAbility to deliver / Results drivenCommunication skills - oral & writtenTransversal Skills: (Please select up to 5 skills)Ability to understand, explain and support changeAbility to manage a projectAbility to inspire others & generate people\'s commitmentAbility to manage / facilitate a meeting, seminar, committee, training\xe2\x80\xa6Ability to develop and leverage networksEducation Level:Bachelor Degree or equivalentExperience LevelAt least 10 yearsOther/Specific Qualifications (if required) Certifications such as Certified Third-Party Risk Professional (CTPRP) or Certified Information Systems Security Professional (CISSP), CISA, CISM are a plus. Frameworks \xe2\x80\x93 ISO27001, NIST, GDPR, DORA, DPDPQualificationsNA

BNP Paribas