Third Party Risk Management

March 26, 2024


  • Standard / Permanent
  • IN-MH-Mumbai

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, the European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai, and Mumbai, we are a 24×7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees to provide support and develop best-in-class solutions.

About BNP Paribas Group:

BNP Paribas is the European Union’s leading bank and a key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group’s performance and stability.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected, and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, color, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business line/Function:

The Third-Party Technology Risk Management (TPTRM) Team is responsible for identifying and assessing risks relating to Information Security, Cyber Security, Business Continuity and Physical Security arising out of the Third Parties providing services to BNP Paribas, globally. This includes policy, governance, risk management, reporting and ownership of the lifecycle of Security Risk Assessment of the Third Parties.

Job Title:

Third Party Technology Risk Management (TPTRM)

Business Line / Function:

IT Security

Reports to:

VP – Third Party Technology Risk Management (TPTRM)

(if applicable)

Number of Direct Reports:

Directorship / Registration:

Position Purpose

This role will be responsible for managing TPTRM globally, in line with BNPP Group direction and regulatory requirements. This role requires overseeing third-party risks across territories and collaborating with group, regional and local territory stakeholders from procurement, outsourcing, and local security teams to manage program governance, assessments, and the escalation and reporting of risk through various risk-centric committees at territory, regional and global management levels.

Direct Responsibilities

·       Manage the Third Party Technology Risk Management program following the SLA for governing vendor assessments, reporting and other activities in relation to the Third-Party Technology Risk Management project.

·       Ensure the Group’s TPTRM program complies with Group policies and procedures and with local and regulatory requirements.

·       Closely monitor the progress of TPTRM assessments across APAC, EMEA and NAR, and ensure timely completion of assessments for in-scope vendors, with escalation and reporting to local and regional management.

·       Collaborate with local security teams across regions and territories to cascade the TPTRM framework, policies, procedures, and approach and drive the program efficiently.

·       Collaborate with SME teams across regions and territories for the necessary coverage of reviews for Third Party vendors and applications/systems.

·       Perform quality reviews of assessment reports delivered by assessors and local and territory security teams for adequacy of coverage of risk areas.

·       Responsible for TPTRM control testing performed by the second LOD (RISK ORC) and Inspection General in relation to the Global/Regional TPTRM policies and regulatory guidelines.

·       Be the central POC for regions and territories for handling queries regarding TPTRM topics from global, regional, and local teams and interested parties.

·       Participate in and present supplier risks at periodic risk-centric committees at territory and regional level.

·       Responsible for managing projects and tooling to align TPTRM activities and workflows, and for managing and maintaining all documentation and the repository of assessment data in a central database.

·       Responsible for reconciling and presenting regulatory reporting in technology risk committees at territory and regional level.

·       Identify and report/escalate potential areas of risk and non-responses to stakeholders and Sr. Management.

Contributing Responsibilities

·       Closely working with regional Business Information Security to adopt best practices in region on outsourcing risk management guidelines covering various regulators.

·       Participating in initiatives taken by group or region to enhance existing Third-party Technology risk management policies, processes, methodologies in the best interest of BNPP Group.

·       Participate in local, territory and regional statutory, information security and regulatory audits pertaining to compliance with the Third Party Technology risk management framework.

Technical & Behavioral Competencies

·       Minimum of 10-12 years of experience in a Third Party Technology Risk Management background, ideally in financial services.

·       Bachelor’s degree with professional certification in Information, Cyber, Network and Cloud Security.

·       Experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2, ISO 31000, GDPR, SOC assessments, etc.

·       Strong knowledge in IT security risk assessments, IT Security controls

·       Experience in Governance, Risk & Compliance (GRC) tools is an advantage.

·       Experience in managing a team with direct reportees and should have worked closely with various functions of management

·       Monitor and evaluate team performance and provide regular feedback

·       Effective verbal and written communication skills, with demonstrated ability to communicate with Sr. Management stakeholders such as CISOs, COOs and CIOs.

·        Proficiency in Microsoft Word, PowerPoint, Project

·        Very strong work ethic and ability to deal with confidential information.

·       Experience with a multicultural environment

·       Ability to coordinate actions from different teams across time zones

·       Strong problem-solving and analytical skills

·       The ability to identify risks and develop appropriate responses

·        Demonstrate excellent relationship management and conflict management capabilities to guide the client/vendor relationship through such experience

Specific Qualifications (if required)

Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Ability to collaborate / Teamwork

Decision Making

Ability to deliver / Results driven

Communication skills – oral & written

Transversal Skills: (Please select up to 5 skills)

Ability to understand, explain and support change

Ability to manage a project

Ability to inspire others & generate people’s commitment

Ability to manage / facilitate a meeting, seminar, committee, training…

Ability to develop and leverage networks

Education Level:

Bachelor Degree or equivalent

Experience Level

At least 10 years

Other/Specific Qualifications (if required)

·       Certifications such as Certified Third-Party Risk Professional (CTPRP) or Certified Information Systems Security Professional (CISSP), CISA, CISM are a plus.

·       Frameworks – ISO27001, NIST, GDPR, DORA, DPDP
