Manager/AVP- ICT Operational Risk Officer

About BNP Paribas India Solutions
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union's leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

About BNP Paribas Group
BNP Paribas is the European Union's leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group's commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business Line/Function
The Group RISK ORM Network Operational Risk Officer is part of the Group RISK Function within BNP Paribas. The department has responsibility for steering and reporting on the Group's Operational Risk Management framework and status. It is the independent second line of defense on operational risk management activities of the Group, including on Information and Communication Technology risk management activities.

Job Title
ICT Operational Risk Officer (Senior Payments System Assessor)

Date
26-May-2025

Department
RISK

Location:

ISPL, Mumbai

Business Line / Function
Group RISK ORM

Reports To
(Direct)

Head of RISK ORM Network, India CoE

Grade
(if applicable)

TBD
(Functional)

Global Head of Payment Systems Risk and Testing

Number Of Direct Reports
N/A

Directorship / Registration
N/A

Position Purpose

RISK Operational Risk Management (RISK ORM), created early 2021 to oversee operational risks within the mandate of the RISK function, is organised, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 Poles: RISK ORM Framework, RISK ORM Technology & Transversal Risks and RISK ORM Network.

Under the authority of the Pole's Manager, RISK ORM Network is made up of all the Operational Risk Officers (OROs) acting as the second line of defence (LoD2) within the Group's operational entities (Poles, Business Lines, Functions, Transversal Activities).

Payment Systems Risk and Testing team is part of the RISK ORM Cyber and Payment Systems Risk Technical Test & Automation Centre. The team's mission is to assess the design and effectiveness of ICT controls implemented in key Payment Systems across all entities in the Group to mitigate ICT risks and present a consolidated end-to-end risk view based on the output of its independent technical testing. As trusted partners, team helps the business sustainably enhance their ICT control environment and strengthen their overall security posture; through issuing permanent control actions based on root cause of the findings identified and validating remediation of such permanent control actions.

The overall purpose of this position, as part of the RISK ORM Payment Systems Risk and Testing team, is to ensure the continued development and implementation of group-wide Payment Systems Technical Testing program, through leading and executing ICT risk assessments of Payment Systems across the group in accordance with the Group Risk ORM standards and policies. In addition, this role will also be responsible for delivering the Operational Risk Officer (ORO) oversight activities per the operational risk management framework (ORMF) in IT departments supporting critical payment processing systems. Furthermore, this role entails representing the team in Risk Management governance committees (conducted in French/English); influencing the ICT risk culture by driving the agenda and reporting the risk status to the senior management through working in collaboration with other Stakeholders from the business and RISK ORM teams.

Responsibilities

• Lead Payment Systems independent testing mission engagements with accountability and responsibility to ensure that the engagement team delivers the missions within agreed timelines adhering to RISK ORM framework and high-quality standards.
• Ensure that identification and assessment of operational risks are effective across the organization by correlating inputs from Independent Testing, Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk & Control Self Assessments, Business Process Reviews, KPIs & KRIs and Scenario Analysis.
• Accountable for providing excellence within Payment Systems Risk domain and serving as an advisor to business managers, identifying, analysing, categorizing, and prioritizing the risks affecting BNPP.
• Improve the effectiveness of the ICT Control Framework for Payment Systems by regularly assessing the control environment, risk assessment process, control activities, and monitoring activities in accordance with the Group Risk ORM standards and policies.
• Monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanism to senior management and business stakeholders, including through risk management governance committees.
• Contribute to the implementation and enhancement of BNPP operational permanent control framework.
• Provide a fair check and challenge to the LoD1 on Payments related Regulatory Attestation Exercises (e.g. CHAPS, TARGET2 and PSD2)
• Provide Payments Systems risk management consulting to the business, technical and operations groups.Contributing Responsibilities
• Collaborates at the India CoE level with Head of India CoE, including but not limited to the CoE level reporting requirements.
• Effectively contributes to the CoE, RISK India Hub and ISPL on Group mandates, objectives and priorities
• Lead by example, demonstrating effective Leadership in the CICEP team leading to CoE as a positive place to work in conjunction with the Head of India CoE.

Technical & Behavioral Competencies

Skills Required
SKILLS, EXPERIENCE AND COMPETENCIES

• 10 to 12 years of experience in IT audit / ITGC controls testing / technical assessments, preferably in the areas of Payments Technology or Cyber domains within in a financial institution.
• Good working knowledge of best practices in risk management processes within the Banking sector.
• Excellent analytical skills with the ability to translate technical concepts and provide specialist guidance and advice to others.
• Demonstrated ability to communicate effectively and to present in a structured approach in English.
• Strong people management skills and an ability to work with individuals to set individual objectives and manage performance to ensure their delivery.
• Proven commercial and communication / relationship management skills.
• Ability to lead risk assessments.

• Good working knowledge of concepts related to Payment and Information Security including emerging threats and attacks methodologies is highly desirable, at least in most of the below areas:

• Payment Flows/Chains

• SWIFT Systems
• Good technical understanding of security technologies, including intrusion detection/prevention, correlation of events, firewall, antivirus, anti-spam, policy tightening, patch management and configuration management, audit, security development technique, etc.
• Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI).
• Knowledge of IT Risk Management

Skills Preferred

• Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements.
• Is self-aware, anticipates problems, adapts and meets them head on.
• Strong stakeholder management, relationship building, influencing, facilitating and presenting skills.
• Is solutions focused – measures their output on whether issues, problems or challenges are resolved as a criteria for success.

Competencies

• Professional qualification and expert knowledge in a specific Risk specialism and how that fits within the broader organization as well as more deeply within the Risk function.
• Degree level qualification in STEM subject will be advantageous.

Conduct

• Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.

Specific Qualifications (if Required)
Bachelors degree, and certification in Information Systems

Skills Referential
Behavioural Skills: (Please select up to 4 skills)

Attention to detail / rigor

Ability to deliver / Results driven

Ability to deliver / Results driven

Ability to collaborate / Teamwork

Transversal Skills: (Please select up to 5 skills)

Ability To Develop Others & Improve Their Skills
Ability to inspire others & generate people's commitment

Ability to set up relevant performance indicators

Analytical Ability

Ability to develop and leverage networks

Education Level
Bachelor Degree or equivalent

Experience Level

At least 10 years

Other/Specific Qualifications (if Required)

• Industry recognized ICT Risk Management Qualifications such as CISA, CRISC, CISSP etc.