Job Description

IT-OPC RESOURCE (JOB NUMBER: BNP023895)






About BNP Paribas Group:


BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.





About BNP Paribas India Solutions:


Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.





About Business line/Function :


ITG is a group function established recently (2019) in ISPL with presence in Mumbai, Chennai, Bengaluru. We collaborate with various business lines of the group to provide IT Services.






Job Title:

IT-OPC (Operational Permanent Control) Professional

Date:

Oct 2023


Department:

Territory Service Center

Location:

India


Business Line / Function:

ITG

Reports to: (Direct)

ISPL ITG Manager \xe2\x80\x93


Grade: (if applicable)

(Functional)

IT Risk Cyber Governance - IT - Risk & Permanent Control Team Manager, TSC Germany


Number of Direct Reports:

Not applicable

Directorship / Registration:

NA


Position Purpose


This position is part of the IT-Risk & Cyber Security team, which is serving all entities of the BNPP Group in Germany and Austria.
The mission of the IT-OPC Professional, in accordance with the defined policy defined, is to assure that there are no gaps left uncovered in terms of IT-Risk assessment, corresponding permanent controls, and that operational governance is in place in all IT teams. The role covers from an IT-OPC perspective, all activities which are in the scope of the served entities (local, central and outsourced activities).
Risk assessments, 1st level controls and testing of the effectiveness of IT and Information Security solutions are a major part of the daily task list.
Further tasks include outsourcing monitoring / Third Party Risk Management and assessment, monitoring and reporting of Shadow & Light-IT situations.
Support IT teams to implement compliance with BAIT/KAIT requirements and follow and control corresponding tasks and monitor regulatory changes.
Operational incident management: Monitoring and assessing IT incidents for real or potential losses. Support of access rights controls \xe2\x80\x93 reconciliation and recertification of access rights in close cooperation with corresponding IT admin teams.
Close cooperation is necessary with the operational IT teams, the local OPC team and the central IT-OPC organization.


Responsibilities




Direct Responsibilities


\xc2\xa7 To ensure consistency of approach, methodology, reporting, business alignment of IT-OPC, including risk assessments, control frameworks, control design and effectiveness, testing, evidence, reporting


\xc2\xa7 Provides IT-OPC expertise for the business unit/functions in respective area


\xc2\xa7 Working with technology stakeholders (including operational production and development teams) to identify the top technology IT-Risks impacting the firm and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls


\xc2\xa7 Contributes to the definition and development of the IT-OPC procedures, in line with head office policies


\xc2\xa7 Providing independent expert advice to the IT areas on operational risk issues


\xc2\xa7 Executing IT-Risk assessment reviews (covering 9 IT-Risk categories), identifying controls gaps and working in collaboration with subject matter experts to define appropriate mitigation plans


\xc2\xa7 Performs 1st level analysis of IT and IT-Security controls and assesses the related impacts; supports 2nd controls and provides reports to local ORC


\xc2\xa7 Reviews regularly the map of operational IT-Risks and corresponding controls plans and prepares management status reports


\xc2\xa7 Checks the robustness and efficiency of the IT and IT Security controls according to the requirements defined by the IT-Risk Manager of area


\xc2\xa7 Monitoring and oversight of existing IT-Risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate


\xc2\xa7 Contributes to the monitoring and management of IT-related nonconformities


\xc2\xa7 Assure compliance of the IT and Information Security framework with BNPP group policies


\xc2\xa7 Engaging with firm wide risk and control groups, including internal audit and territory control teams


\xc2\xa7 Assistance with drafting of risk acceptance statements and co-ordinating sign-off from business and IT stakeholders


\xc2\xa7 Maintain dashboards and control sheets


\xc2\xa7 Accompanies internal and external audits of the IT function in area


\xc2\xa7 Follows up progress and closure of recommendations of internal and external audits of the IT function in area, along with an appropriate reporting


\xc2\xa7 Rolling out risk awareness actions to enhance IT-Risk culture in IT teams and business teams (e.g. remind on the need for proper software user acceptance tests before each release; need to know principle in access rights requirements)


Technical & Behavioral Competencies


\xc2\xa7 Experience in a risk/control/compliance/governance role e.g. OPC, Audit \xc2\xa7 IT / IT Security experience \xc2\xa7 Proficiency in MS Office and related applications (Word, Excel, PowerPoint, Visio and SharePoint).


Specific Qualifications (if required)


\xc2\xa7 Knowledge of Information Security principles and Information Systems Security standards like: o ISO 27001 o ISO 27002 o ISO 27005 Risk Management (Information Security Risk Management) o NIST Cyber Security Framework (CSF) \xc2\xa7 ISACA Certified Information Systems Auditor (CISA) certification is a plus


Skills Referential


Behavioural Skills: (Please select up to 4 skills)


Communication skills - oral & written


Ability to collaborate / Teamwork


Ability to synthetize / simplify


Attention to detail / rigor


Transversal Skills: (Please select up to 5 skills)


Analytical Ability


Ability to understand, explain and support change


Ability to develop and adapt a process


Ability to manage / facilitate a meeting, seminar, committee, training\xe2\x80\xa6


Choose an item.


Education Level:

Bachelor Degree or equivalent


Experience Level

At least 5 years


Other/Specific Qualifications (if required)




NA

Primary Location

: IN-TN-Chennai

Job Type

: Standard / Permanent

Job

: INFORMATION TECHNOLOGY
Education Level : Bachelor Degree or equivalent (>= 3 years)
Experience Level : At least 5 years

Schedule

: Full-time