Job Description

About BNP Paribas India Solutions:Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union\xe2\x80\x99s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai, and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.About BNP Paribas Group:BNP Paribas is the European Union\xe2\x80\x99s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group\xe2\x80\x99s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group\'s performance and stabilityCommitment to Diversity and InclusionAt BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected, and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, color, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.About Business line/Function:The Third-Party Technology Risk Management (TPTRM) Team is responsible for identifying and assessing risks relating to Information Security, Cyber Security, Business Continuity and Physical Security arising out of the Third Parties providing services to BNP Paribas, globally. This includes policy, governance, risk management, reporting and ownership of the lifecycle of Security Risk Assessment of the Third Parties.Job Title:ManagerDate:Department:Third Party Technology Risk Management (TPTRM)Location:MumbaiBusiness Line / Function:IT SecurityReports to:(Direct)VP - Third Party Technology Risk Management (TPTRM)Grade:(if applicable)(Functional)Number of Direct Reports:5-10Directorship / Registration:NAPosition PurposeThis role will be responsible for managing TPTRM globally, in guidance to BNPP Group direction, regulatory requirements. This role requires overseeing the Third-party risks across territories, collaborating with group, regional and local territory stakeholders from procurement, outsourcing, and local security teams to manage the program governance, Assessments, escalation of risk & reporting through various risk centric committees at territory, regional and global managements.ResponsibilitiesDirect Responsibilities\xc2\xb7 Manage Third Party Technology Risk Management program following the SLA for governing vendor assessments, reporting & other activities in relation to the Third-Party Technology Risk Management project.\xc2\xb7 Complying group\xe2\x80\x99s TPTRM program with Group Policies and procedure, local & regulatory requirements\xc2\xb7 Closely monitor the progress of TPTRM assessments across APAC, EMEA, NAR and ensure timely completion of assessment for in scope vendors, escalation and reporting to local & regional managements.\xc2\xb7 Collaborate with local security teams across regions and territories for cascading TPTRM framework, policies, procedures, and approach to drive the program efficiently.\xc2\xb7 Collaborate with SME teams across regions and territories for necessary coverage of reviews for Third Party vendors & applications/systems.\xc2\xb7 Perform Quality review for assessment report delivered by assessors, local and territory local security teams for adequacy of coverage of risk areas.\xc2\xb7 Responsible for TPTRM control testing is performed by second LOD (RISK ORC), Inspection General, in relation to the Global/ Regional TPTRM policies, regulatory guidelines.\xc2\xb7 Be the central POC for regions and territories for handling queries regarding TPTRM topics from global, regional, and local teams and interest parties.\xc2\xb7 Participating and presenting Supplier risks in periodic risk centric committees at territory and regional level.\xc2\xb7 Responsible for managing projects, tooling in aligning TPTRM activities and workflows, and managing maintaining all documentation, repository of assessment data in central database.\xc2\xb7 Responsible for reconciling and presenting regulatory reporting in technology risk committees at territory & regional level\xc2\xb7 Identifying and reporting/ escalating potential areas of risk/ non-responses to stakeholders and Sr. Management.Contributing Responsibilities\xc2\xb7 Closely working with regional Business Information Security to adopt best practices in region on outsourcing risk management guidelines covering various regulators.\xc2\xb7 Participating in initiatives taken by group or region to enhance existing Third-party Technology risk management policies, processes, methodologies in the best interest of BNPP Group.\xc2\xb7 Participate in local, territory & regional statutory, information security & regulatory audits pertaining to compliance with Third Party Technology risk management framework and compliance.Technical & Behavioral Competencies\xc2\xb7 Ideally in financial services with minimum of 10-12 years of experience in Third Party Technology Risk Management background.\xc2\xb7 Bachelor\'s degree with professional certification in Information, Cyber, Network and Cloud Security.\xc2\xb7 Experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2, ISO 31000, GDPR, SOC assessments, etc.\xc2\xb7 Strong knowledge in IT security risk assessments, IT Security controls\xc2\xb7 Experience in Governance, Risk & Compliance (GRC) tools an advantage.\xc2\xb7 Experience in managing a team with direct reportees and should have worked closely with various functions of management\xc2\xb7 Monitor and evaluate team performance and provide regular feedback\xc2\xb7 Effective verbal and written communication skills, with demonstrated ability to communicate with Sr. Management stakeholders CISO\xe2\x80\x99 COO\xe2\x80\x99s and CIO\xe2\x80\x99s.\xc2\xb7 Proficiency in Microsoft Word, PowerPoint, Project\xc2\xb7 Very strong work ethic and ability to deal with confidential information.\xc2\xb7 Experience with a multicultural environment\xc2\xb7 Ability to coordinate actions from different teams across time zones\xc2\xb7 Strong problem-solving and analytical skills\xc2\xb7 The ability to identify risks and develop appropriate responses\xc2\xb7 Demonstrate excellent relationship management and conflict management capabilities to guide the client/vendor relationship through such experienceSpecific Qualifications (if required)Skills ReferentialBehavioural Skills: (Please select up to 4 skills)Ability to collaborate / TeamworkDecision MakingAbility to deliver / Results drivenCommunication skills - oral & writtenTransversal Skills: (Please select up to 5 skills)Ability to understand, explain and support changeAbility to manage a projectAbility to inspire others & generate people\'s commitmentAbility to manage / facilitate a meeting, seminar, committee, training\xe2\x80\xa6Ability to develop and leverage networksEducation Level:Bachelor Degree or equivalentExperience LevelAt least 10 yearsOther/Specific Qualifications (if required)\xc2\xb7 Certifications such as Certified Third-Party Risk Professional (CTPRP) or Certified Information Systems Security Professional (CISSP), CISA, CISM are a plus.\xc2\xb7 Frameworks \xe2\x80\x93 ISO27001, NIST, GDPR, DORA, DPDPQualificationsNA

BNP Paribas