Senior Associate – Third Party Security Risk

June 10, 2024

Senior Associate – Third Party Security Risk


  • Permanent
  • IN-Maharashtra-Mumbai
Apply for this job

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24×7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

About BNP Paribas Group:

 BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group’s performance and stability

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected, and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind, and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, color, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business line/Function:

The Third-Party Technology Risk Management (TPTRM) Team is responsible for identifying and assessing risks relating to Information Security, Cyber Security, Business Continuity and Physical Security arising out of the Third Parties providing services to BNP Paribas, globally. This includes policy, governance, risk management, reporting and ownership of the lifecycle of Security Risk Assessment of the Third Parties.

Job Title:

Associate/Sr. Associate



Third Party Technology Risk Management (TPTRM)



Business Line / Function:

IT Security

Reports to:




(if applicable)


Number of Direct Reports:


Directorship / Registration:


Position Purpose

This role will be responsible for supporting the Third-Party Technology Risk Management team in identifying and evaluating potential/ recognized risks related to Information Security, Business Continuity and Physical Security. The 3rd Party Security Risk Assessor, reporting to the Manager, Third Party Risk Management team that performs security assessments of vendors, service providers and 3rd party companies that manage systems or information for BNP Paribas


Direct Responsibilities

·       As a Third-Party Technology Risk Assessor, you will perform third-party information and cyber security assessment to identify, monitor, remediate, and manage third party risks across the third-party lifecycle.

·       Risk Assessor role requires good risk experience & technology expertise (areas of information and cyber security, business continuity, incident management, compliance, and human resource security) in accurately scoring the inherent risk profile of 3rd parties, making sure the risk assessments are completed on time with quality. In addition, the role requires the ability to prioritize and drive workload.

·       Evaluating control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to review of: ISO 27001, SIG (Shared Assessments), TruSight, SOC / equivalent reports, as well as knowledge of controls related to Privacy, Compliance, Business Resiliency, Cyber and other risk domains.

·       Work with Line of business partners, by navigating them through the different stages of the risk assessment life cycle and making sure that they are being compliant to the organization requirements.

·       Communicate assessment findings and recommendations to internal stakeholders, including senior management, legal, and compliance teams as applicable.

·       Monitor and track the identified findings as part of the assessment lifecycle.

Contributing Responsibilities

·       Actively participate in identifying process gap and should be ready to own and update/ document relevant TPTRM policies and procedures

·       Support Internal and external TPTRM audit requirements

·       Compile and generate Weekly/Monthly/Quarterly dashboard on KPI

Technical & Behavioral Competencies

·       Ideally in financial services with minimum of 5+ years of experience in TPRM or Risk management background.

·       Bachelor’s degree with professional certification in Information, Cyber, Network and Cloud Security.

·       Experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2 etc.

·       Experience in one or more risk disciplines an advantage i.e., Information Security, Business Continuity, Data Privacy etc.

·       Experience in Governance, Risk & Compliance (GRC) tools an advantage.

·       Experience in providing stakeholders with specialist risk knowledge and monitoring its execution.

·       Strong self-motivated multi-tasker who can prioritize competing tasks and stakeholders.

·       Ability to work independently in a fast adapting and agile work environment.

·       Proactive and deliverable focused, with a dedication to delivering against hard deadlines.

·       Excellent analysis skills with keen eye for detail.

·       Strong capabilities in Microsoft Excel, PowerPoint, and Word.

·       Familiarity with vendor management, procurement, and contract negotiation.

·       Ability to communicate effectively with both technical and non-technical stakeholders.

·       Strong analytical and problem-solving skills.

Specific Qualifications (if required)

Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Ability to collaborate / Teamwork

Communication skills – oral & written

Attention to detail / rigor

Creativity & Innovation / Problem solving

Transversal Skills: (Please select up to 5 skills)

Ability to develop and adapt a process

Ability to understand, explain and support change

Ability to develop others & improve their skills

Choose an item.

Choose an item.

Education Level:

Bachelor Degree or equivalent

Experience Level

At least 5 years

Other/Specific Qualifications (if required)

·       Certifications such as Certified Third-Party Risk Professional (CTPRP) or Certified Information Systems Security Professional (CISSP), CISA, CISM are a plus.

·       Frameworks – ISO27001, NIST, GDPR, DORA, DPDP

Offers you may be interested in