Assistant Manager - IT Security Risk Management

About BNP Paribas India Solutions

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union's leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines : Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

About BNP Paribas Group

BNP Paribas is the European Union's leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity : Commercial, Personal Banking & Services for the Group's commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realize their projects through solutions spanning financing, investment, savings and insurance. In Europe, BNP Paribas has four domestic markets : Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind, and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business Line / Function

The Information Security and Business Continuity Management department safeguards the confidentiality, integrity and availability of the bank's data and systems while ensuring that essential business processes can continue or be rapidly restored after disruption. It defines and enforces security policies, conducts risk assessments, monitors threats and leads incident response, and identifies critical services, creates and tests continuity and disaster-recovery plans, and maintains recovery-time objectives. By aligning with regulatory requirements, reporting to senior management and providing training across the organization, the department protects client trust and guarantees uninterrupted service delivery, reinforcing the bank's overall resilience.

Position Purpose

The IT Security Risk Manager is responsible for governing the bank's security exception process, ensuring that all applications meet the defined security control standards, and embedding risk management practices across the technology landscape. The role safeguards the confidentiality, integrity, and availability of information assets while supporting business agility through disciplined, risk based decision making.

Responsibilities

Direct Responsibilities

• Log and assess exception requests, evaluate residual risk, obtain formal approvals, track remediation and escalate overdue items.
• Ensure periodic security control reviews of new / changed applications have been performed for the requirements mentioned in the group wide policies, and noncompliance controls are being tracked with remediation action.
• Perform periodic risk assessments of IT assets, platforms, and processes, quantifying likelihood and impact in line with the bank's risk rating methodology.
• If required, Support internal and external audits by supplying evidence of risk treatment actions, exception handling, and compliance with standards (such as 27001, NIST 800 53, PCI DSS, GDPR and / or Basel III cyber resilience) expectations.
• Ensure that security requirements are intact as per regional or global policies.
• Act as the primary liaison between security, IT operations, development, and business units to align on risk appetite and security expectations.
• Continuously review and streamline the exception approval workflow and application security compliance processes to increase efficiency and auditability.
• Contribute to the development and maintenance of security policies, standards and guidelines.

Experience Range : 5 to 9 years

Level : Assistant Manager

Skills Required

Pci Dss, Risk Management, Gdpr, basel iii