Job
Description
Position Purpose The candidate for the Third Party Risk Management role within the BNPParibas Operational risk team is responsible for providing independent oversight and strategic 2LOD guidance on the Third Party Risk Management domains across both direct and indirect areas of responsibility for the CIB APAC operating entities. Responsibilities Direct Responsibilities Be responsible for supporting the development and implementation of a CIB wide Third Party risk management program including ICT and non-ICT third parties. Successful candidate will have exposure to developing and implementing risk management programs in global organizations, with robust knowledge of technology, risks, architectures and related tools. Prior third party risk experience (IT, Cyber, Vendor management etc.) and exposure to the Financial Services industry is a must. Experience with GRC tools and other risk management information systems is preferred. Effectively challenge all aspects of the Risk and Control Self-Assessment (RCSA) of the business units under our remit, provide recommendations and follow up on their implementation Analyze risk data from various sources (e.g. external events, control deficiencies, risk register) to identify and measure levels of risk, concentration, trends and patterns and use it to assess the current control environment and recommend improvements where applicable Perform check and challenge of 1LOD mitigation plans, risk acceptances, permanent control action and audit recommendations, produce and communicate risk opinions and maintain working papers to substantiate and ensure objective basis for the risk opinions Collaborate with other 2LOD functions and teams across the Americas and Group on common priorities/projects Contribute to the successful execution of independent testing missions that are designed to evaluate TPRM risk identification and effective and sustainable mitigation. Perform independent testing controls and support the wider RISK ORM community globally in defining better maturity models for independent testing. The individual will lead this effort from an independent risk assessment of these projects and will support vendor assessment and reporting the findings. Excellent presentation skills are necessary. Experience interacting with regulatory agencies is a plus. Implement the wider Enterprise Risk Management framework (HI, PI, RCSA, Recommendations and action plan follow-up) on the third party risks area. Contributing Responsibilities Technical & Behavioral Competencies Essential 5+ experience specifically in third party assessments. Bachelor degree in Business or Risk Management (or equivalent professional qualification). Team player focus on the success of the whole team. Working well both with others, as well as individually. Excellent stakeholder management skills. Experience in a Vendor risk management, Outsourcing risk management, Technology Risk, Information Security or an IT Audit role. Good listening and analytical skills being able to come to a thoughtful and business focused conclusion quickly. Ability to co-operate and work well with others adopting an approachable style Important as we work closely with a large and diverse set of suppliers and customers. Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits. Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done. Taking accountability for their actions and be open and honest when things have gone wrong, and celebrating successes when things have gone well. Being rigorous and thorough especially when logging and tracking issues through to conclusion. Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management. Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business. Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. Competencies Good knowledge of Information Security, Business Continuity, and IT Audit methodology and concepts. Understanding of the banking industry's regulatory requirements for managing of third parties Ability to articulate risk management concepts in business language. Excellent written and verbal communication skills. Proficient with Microsoft Office Suite. Prior experience documenting tool requirements to support risk management. Proven ability to manage issues through to resolution; skilled at making judgment calls. Ability to successfully multitask and complete difficult assignments within deadlines which may have short lead times. Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework. Knowledge of the English is required Knowledge of data analysis and visualization tools such as Tableau, Power BI, VBA is a plus Conduct Be a role model, supporting and fostering a culture of good conduct. Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks. Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.
