Vice President – Risk Orc Ict

Vice President – Risk Orc Ict
Company:

Bnp Paribas 2


Vice President – Risk Orc Ict

Details of the offer

VP - RISK ORC ICT

About BNP Paribas Group:
"BNP Paribas Group is a leading European bank with a strong global footprint across 72 markets and more than 202,000 employees. The Group provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships".

About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a leading bank in Europe with an international reach. With delivery centers located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner various business lines of BNP Paribas such as Corporate and Institutional Banking, Wealth Management, Retail Banking through three verticals - Information Technology, Operations and Finance Shared Services.

Job Title:
Vice President
Date:
18 June 2020

Department:
Vice President
Location:
ISPL
Business Line / Function:
RISK

Reports to:
(Direct)
Chief Risk Officer

Grade:
(if applicable)
TBD
(Functional)
Head of RISK ORC ICT APAC
Number of Direct Reports:
0
Directorship / Registration:
NA

Position Purpose
• Implementation, management and oversight of 2nd line of defense risk management framework within the Information and Communication Technology (ICT) space in India.

Key Responsibilities

RISK ORC ICT ISPL Governance & Oversight • Provide IT & Cyber risk management oversight and advisory to the business, technical and operations groups
• Provide direction, support and oversight with respect to management of security and technology risks of core systems and applications
• Drive effective implementation and communication of Operational Risk Management policies and guidelines, in particular RISK ORC ICT related.

Risk management environment
• Identification & Assessment: Ensure that the identification and assessment of operational risks are effectively done across the organization by correlating input from Audit Findings, Internal Loss
Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, Quantified Measurement & Comparative Analysis
• Monitoring & Reporting: Implement a process to regularly monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines. Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices.
• Control & Mitigation: Improve the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Assess operational risk response strategies. Validate risk transfer options.
• Risk Disclosure: Provide updates on regulatory and financial disclosure while complying with external and regulatory communications standards and disclosing the operational risk management framework of the bank in a manner that complies with the formal disclosure policy approved by the board of directors. Defines approach for determining what operational risk disclosures are made and
the internal controls over the disclosure process. Implement a process to assess the appropriateness of the disclosure, including the verification and frequency.

Contributing Responsibilities

RISK ORC ICT
Governance & Oversight
• Contribute to the establishment of an IT & Cyber Risk Management program in the Bank and at ISPL within the three lines of defense model in alignment with the Group Risk Management Framework
• Assist with establishing appropriate risk management governance committees, arrange agendas and chair meetings as appropriate
• Assist with establishing and oversight of the Operational Risk Management infrastructure and ensure practices are consistent with regulatory expectations and industry sound practices

Risk management environment
• Business Resiliency & Continuity: Oversee and drive the business resiliency and continuity plans to ensure the ability of the Bank and at ISPL to operate on an ongoing basis and limit the losses in the event of severe business disruption. Coordinate with the first and third lines of defense to test these plans to ensure coverage and adequacy.

Technical & Behavioral Competencies
• Professional qualifications relevant to Information Security (such as CISA, CISM or CRISC).
• Strong risk mindset with understanding of applicable regulatory requirements in financial services sector around Information Security Risks (Technology Risk, Business Continuity Risk, etc.)
• Experience in managing Enterprise Risk and necessary Controls. Experience in the infrastructure security space. Strong experience in Third Party Risk assessment process.
• Functional knowledge in below areas to cover endpoint, network devices, server and databas es:

Security Architecture
Malware Protection
Identity & Access Management

Secure Configuration
Security Testing
Emerging Technology Security
• Good understanding of information security technologies and knowledge around network devices,
servers, Firewall, IDS, IPS, SIEM, DLP, Proxy, Web / Email Content Filtering and Anti-Virus & Malware protection.
• Good understanding of vulnerability assessments and penetration testing and technologies associated with the capabilities.
• Good understanding of incident response and management capability for cyber incidents.
• Working knowledge of Regulatory requirements including Data Privacy Regulations like GDPR, India Data Privacy Law, SEBI and RBI privacy requirements etc
• Good team player with strong stakeholder management, relationship building, influencing, facilitating.
• Good listening and analytical skills including,
- Being able to come to a thoughtful and business focused conclusion quickly.
- Ability to co-operate and work well with others adopting an approachable style.

Specific Qualifications (if required)

• Ability to analyze and adopt the global privacy and data protection trends and regulatory requirements.
• Understand the emerging technology trends and necessary security implications.

Requirements


Knowledges:

  • Access

Senior technology specialist

Senior Technology Specialist Save for LaterRemove Saved Job Go to My Saved Jobs Job ID 50623BR About Wells Fargo Wells Fargo & Company (NYSE: WFC) is a...


From Wells Fargo India Solutions Pvt Ltd - Andhra Pradesh

Published 20 days ago

Application architect

Application Architect Save for LaterRemove Saved Job Go to My Saved Jobs Job ID 50622BR About Wells Fargo Wells Fargo & Company (NYSE: WFC) is a leading...


From Wells Fargo India Solutions Pvt Ltd - Andhra Pradesh

Published 20 days ago

Senior technology specialist

Senior Technology Specialist Save for LaterRemove Saved Job Go to My Saved Jobs Job ID 50624BR About Wells Fargo Wells Fargo & Company (NYSE: WFC) is a...


From Wells Fargo India Solutions Pvt Ltd - Andhra Pradesh

Published 20 days ago

Fin plan & controls analyst

Fin Plan & Controls Analyst 3 Save for LaterRemove Saved Job Go to My Saved Jobs Job ID 46642BR About Wells Fargo Wells Fargo & Company (NYSE: WFC) is a...


From Wells Fargo India Solutions Pvt Ltd - Andhra Pradesh

Published 20 days ago