IT Security, Risk & Control Lead – Manager / AVP

May 16, 2024



  • Standard / Permanent
  • IN-MH-Mumbai

About BNP Paribas Group:

BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centered on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24×7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit discrimination and harassment of any kind, and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to, their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business Line / Function:

The Transversal team in Global Banking IT provides IT Risk, Security and Control services for the application development teams present in ISPL. The team is responsible for helping to monitor, govern, guide and report on IT security, risk and control adherence for the applications in scope of the team.

Job Title:

IT Security, Risk & Control Lead – Manager / AVP



Global Banking IT


Nirlon Knowledge Park, Mumbai

Business Line / Function:

Global Banking – Transversal Management

Reports to:



(if applicable)


Number of Direct Reports:


Directorship / Registration:


Position Purpose

The Governance Lead role is to ensure that appropriate and robust IT Security, Risk and Control policies and processes are implemented and adhered to by all stakeholders in the department. The role holder is responsible for monitoring, reporting and assisting teams in being compliant with the policies laid out by the Bank.

Function as the single point of IT contact for key elements such as enterprise IT policy governance, enterprise IT strategy, IT internal audits, and IT risk acceptance for ISPL development teams.



Direct Responsibilities

· Ensure strong and effective Risk Management, including operational risk

· Manage security transformation, improvement and control initiatives aligning with global strategy. Ensure strong collaboration and partnership of Global Banking – ISPL with responsible global teams

· Contribute to developing and implementing processes to assess and/or monitor the effectiveness of applications' IT security, risk and control procedures to ensure adherence to standards and policies as appropriate. Contribute to all aspects of the delivery lifecycle to provide guidance to the teams that ensures secure development of applications

· Create and share reports with IT management, identifying and highlighting observations and suggesting options and recommendations

· Serve as an expert to guide and review security testing requirements for applications in scope

· Provide technical testing expertise to project teams, guiding them when needed

Contributing Responsibilities

· Collaborate with other ISPL functions to identify and implement consistent and effective approaches to security, risk, governance and control-based activities

Technical & Behavioral Competencies

· Strong understanding of application security, including the DevSecOps framework. Good knowledge of OWASP, OSSTMM, SANS and other application security standards and best practices

· Strong understanding of IT Risk Management

· Expert-level understanding of application security practices

· Keen desire to be at the leading edge of technology and process practices

· Ability to work under minimal supervision

· Strong analytical and interpersonal skills

· Must have the ability to interact professionally with a diverse group of developers, test engineers, and managers. Ability to work well with culturally diverse global teams

· Excellent written and oral communication skills

Specific Qualifications (if required)

· Minimum 7 years of relevant experience and proven accomplishments in IT Security, Risk & Controls

Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Ability to deliver / Results driven

Attention to detail / rigor


Ability to share / pass on knowledge

Transversal Skills: (Please select up to 5 skills)

Analytical Ability

Ability to anticipate business / strategic evolution

Ability to manage a project

Ability to manage / facilitate a meeting, seminar, committee, training…

Ability to inspire others & generate people’s commitment

Education Level:

Bachelor Degree or equivalent

Experience Level

At least 10 years

Other/Specific Qualifications (if required)

Relevant industry-recognized security or risk certifications such as CISSP / CISM, etc.
