IT & Cyber Risk Engineer

July 3, 2024

  • Permanent
  • IN-Maharashtra-Mumbai

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24×7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

About BNP Paribas Group:

BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group’s performance and stability.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business line/Function:

The ISPL FRESH Risk & Cyber Security team was formed in 2022 and is an extended team of Paris FRESH RCS. The team is currently based in Paris, Mumbai and Bengaluru. The Risk & Cyber Security team manages around 120 applications in scope across all 7 groups within FRESH. The team is equipped to manage cyber security programs, Vulnerability Management, Security Legacy Review, pen testing coordination, SAST onboarding, Third Party Risk Management, GDPR, IRPP, etc.

Job Title:

IT and Cyber Risk Engineer

Business Line / Function:


Reports to:



(if applicable)


Number of Direct Reports:

Directorship / Registration:


Position Purpose

The main mission of the IT and Cyber Risk Engineer is to participate in the management of IT risks, in particular through the design and execution of a risk management framework, deployment, analysis and supervision. The objective is to help define and improve the IT Continuity & IT Resilience governance of the Fresh entity in order to provide assurance that Fresh is in a position to deal with key threats such as long-term IT outages or targeted and destructive cyberattacks.


Direct Responsibilities

  • You will support the IT Continuity and Resilience Officer (ICRO) in his or her core functions

  • You will be in charge of coordinating and managing the international dimension of Fresh by supporting the change to the BNPP Group’s ServiceNow Governance, Risk and Compliance (GRC) tools. Your advanced level of English is a major asset.

  • You will follow the BNPP Group’s cyber-resilience programmes such as CAR (Critical Asset Recovery), DORA (Digital Operational Resilience Act) or the ECB remediation programme, which have a strong impact on the scope of IT continuity

  • You will implement the Group’s cyber-resilience initiatives driven by the actions of ITG CDF (Cybersecurity & Digital Fraud) by contributing to the completion of the quarterly Panorama Continuity exercises of the BNPP Group

  • You will carry out regular reviews (CLR, for Continuity Legal Review) with a dozen SPOCs to ensure the compliance of the backup systems developed for Finance & Risk: criticality of IT applications, documentation and planning of periodic emergency exercises

  • You will provide support to the operational teams to adopt the Group’s GRC / ServiceNow tool, and dematerialize the deliverables related to continuity (ASC, IC PLAN, ECI) in the tool

  • You will carry out the permanent control campaigns of the Fresh Risk & Cyber Security department

  • In collaboration with IT production, you will support the deployment of principles and rules relating to IT continuity architectures (IT Ref Cards), IT resilience and cyber-resilience

  • You will ensure that the level of continuity of IT assets is consistent with the Business Continuity needs expressed by the Finance and Risk business lines

  • You will develop, propose and coordinate approaches aimed at improving the ability to support and recover IT and business activity in the context of major cyberattacks (data corruption, destruction of IT assets, etc.).

Contributing Responsibilities

  • You will participate in the launch and validation of IT solutions (RIA architecture reviews), in order to understand the exposure to IT risks related to IT continuity and provide your expertise and/or validation

  • You will work in close collaboration with Fresh’s IT Risk Officer in order to implement the IT risk management system on the continuity part, in particular by ensuring the management of major risks and the monitoring of the implementation of risk reduction plans and risk acceptances

  • You may be required to participate in or contribute to the Group’s various cross-functional committees (Risk, Continuity, Business, Cyber, CDF, ICRO Committees, etc.)

  • You will raise awareness and lead the IT Fresh sector by communicating and training employees in the best practices of IT continuity

  • Over time, you will become one of the main points of reference for IT continuity within the Fresh entity

Technical & Behavioral Competencies

IT Continuity, Cyber Resilience, and Infrastructure

Know the norms and standards in IT security (ISO 27001, ISO 27005, ISO 31000)

Know cybersecurity repositories, norms and standards, IS and network architectures

Know how to assess a level of risk such as cyber security or IT resilience

Specific Qualifications (if required)


Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Ability to collaborate / Teamwork

Communication skills – oral & written


Client focused

Transversal Skills: (Please select up to 5 skills)

Ability to understand, explain and support change

Ability to develop and adapt a process

Ability to manage / facilitate a meeting, seminar, committee, training…

Ability to manage a project

Education Level:

Bachelor Degree or equivalent

Experience Level

At least 5 years

Other/Specific Qualifications (if required)
