Senior Associate - Third Party Technology Risk Management (TPTRM)

This role will be responsible for supporting the Third-Party Technology Risk Management team in identifying and evaluating potential/ recognized risks related to Information Security, Business Continuity and Physical Security. The 3rd Party Security Risk Assessor, reporting to the Manager, Third Party Risk Management team that performs security assessments of vendors, service providers and 3rd party companies that manage systems or information for BNP Paribas

Responsibilities

information and cyber security assessment

Risk Assessor role requires good risk experience & technology expertise (areas of information and cyber security, business continuity, incident management, compliance, and human resource security) in accurately scoring the inherent risk profile of 3rd parties, making sure the risk assessments are completed on time with quality. In addition, the role requires the ability to prioritize and drive workload.

Evaluating control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to review of: ISO 27001, SIG (Shared Assessments), TruSight, SOC / equivalent reports, as well as knowledge of controls related to Privacy, Compliance, Business Resiliency, Cyber and other risk domains.

Work with Line of business partners, by navigating them through the different stages of the risk assessment life cycle and making sure that they are being compliant to the organization requirements.

Communicate assessment findings and recommendations to internal stakeholders, including senior management, legal, and compliance teams as applicable.

Monitor and track the identified findings as part of the assessment lifecycle.

Actively participate in identifying process gap and should be ready to own and update/ document relevant TPTRM policies and procedures

Support Internal and external TPTRM audit requirements

Compile and generate Weekly/Monthly/Quarterly dashboard on KPI

Ideally in financial services with minimum of 5+ years of experience in TPRM or Risk management background.

Bachelor's degree with professional certification in Information, Cyber, Network and Cloud Security.

Experience with industry recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2 etc.

Experience in one or more risk disciplines an advantage i.e., Information Security, Business Continuity, Data Privacy etc.

Experience in Governance, Risk & Compliance (GRC) tools an advantage.

Experience in providing stakeholders with specialist risk knowledge and monitoring its execution.

Strong self-motivated multi-tasker who can prioritize competing tasks and stakeholders.

Ability to work independently in a fast adapting and agile work environment.

Proactive and deliverable focused, with a dedication to delivering against hard deadlines.

Excellent analysis skills with keen eye for detail.

Strong capabilities in Microsoft Excel, PowerPoint, and Word.

Familiarity with vendor management, procurement, and contract negotiation.

Ability to communicate effectively with both technical and non-technical stakeholders.

Strong analytical and problem-solving skills.

Other/Specific Qualifications

Certifications such as Certified Third-Party Risk Professional (CTPRP) or Certified Information Systems Security Professional (CISSP), CISA, CISM are a plus.

Frameworks ISO27001, NIST, GDPR, DORA, DPDP