IT Security, Risk & Control Lead – Manager / AVP
- Standard / Permanent
- INFORMATION TECHNOLOGY
About BNP Paribas Group:
BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centered on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.
About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24×7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.
About Business Line/Function:
The Transversal team in Global Banking IT provides IT Risk, Security and Control services for the application development teams present in ISPL. The team is responsible for helping to monitor, govern, guide and report on IT security, risk and control adherence for the applications in its scope.
Global Banking IT
Nirlon Knowledge Park, Mumbai
Business Line / Function:
Global Banking – Transversal Management
Number of Direct Reports:
Directorship / Registration:
The Governance Lead's role is to ensure that appropriate and robust IT Security, Risk and Control policies and processes are implemented and adhered to by all stakeholders in the department. They are responsible for monitoring, reporting on and assisting teams in being compliant with the policies laid out by the Bank.
Function as the single point of IT contact for key elements such as enterprise IT policy governance, enterprise IT strategy, IT internal audits, and IT risk acceptance.
· Ensure strong and effective Risk Management, including operational risk
· Manage transformation, improvement & control initiatives aligning with global strategies. Ensure strong collaboration and partnership of Global Banking – ISPL with responsible global teams
· Help develop and implement processes to assess and/or monitor the effectiveness of applications' IT security, risk and control procedures to ensure adherence to standards and policies as appropriate. Contribute to all aspects of the delivery lifecycle, providing guidance to the teams that ensures secure development of applications
· Create and share reports with IT management, identifying and highlighting observations and suggesting options and recommendations
· Serve as an expert to guide & review security testing requirements for applications in scope
· Provide technical expertise in testing to project teams, guiding them when needed
· Collaborate with other ISPL functions to identify and implement consistent and effective approaches to security, risk, governance and control-based activities
Technical & Behavioral Competencies
· Strong understanding of Application security including DevSecOps framework. Good knowledge of OWASP, OSSTMM, SANS and other application security standards and best practices
· Strong understanding of IT Risk Management
· Expert level understanding of application security practices
· Keen desire to be at the leading edge of technology and process practices
· Ability to work under minimal supervision
· Strong analytical and interpersonal skills
· Must have the ability to interact professionally with a diverse group of developers, test engineers, and managers. Ability to work well with culturally diverse global teams
· Excellent written and oral communication skills
Specific Qualifications (if required)
· Minimum 7 years of relevant experience and proven accomplishments in IT security, Risk & Controls
Behavioural Skills:
Ability to deliver / Results driven
Attention to detail / rigor
Ability to share / pass on knowledge
Transversal Skills:
Ability to anticipate business / strategic evolution
Ability to manage a project
Ability to manage / facilitate a meeting, seminar, committee, training…
Ability to inspire others & generate people’s commitment
Bachelor Degree or equivalent
At least 10 years
Other/Specific Qualifications (if required)
Relevant industry recognized security or Risk certifications like CISSP / CISM, etc.