About BNP Paribas Group:

BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business line/Function: 

RISK Operational Risk Management (RISK ORM) belongs to the second line of defense of BNP Paribas. It belongs to the Risk Function (RISK) of BNP Paribas and is placed globally under the responsibility of the Group Chief Risk Officer.
 The Independent Control Testing team within ISPL RISK ORM provides support to RISK ORM function globally, whose mission is to provide front to back consolidated view on operational risks activities in order to contribute to the reduction of operational risk and to better respond to Regulator's expectations. 

Position Purpose: 

RISK is an integrated and independent function and is part of BNP Paribas control functions. It is the independent second line of defence (LoD2) on the risk management activities of the Group which are under its direct responsibilities, including credit and counterparty risk, market risk, funding and liquidity risk, interest rate and foreign exchange risks in the banking book, insurance risk, operational risk and environmental and social risks. RISK aims at being a partner of the businesses by contributing to their sustainable development, but also a gatekeeper to ensure risks taken remain within the Group’s Risk Appetite, tolerance and its strategy. RISK teams engage in an upstream dialogue with businesses to better understand their strategy, objectives and then express professional opinions and recommendations.

Within the RISK function, RISK ORM is organised in 3 Poles: RISK ORM Framework, RISK ORM Network and RISK ORM Cyber, Technology, Fraud and Resilience Risks (CTFR).  The mission of the RISK ORM Cyber, Technology, Fraud and Resilience (CTFR) team is to define and develop frameworks and standards for the Group to ensure effective and proactive management of current and future anticipated risks, understanding regulatory expectations and translating these to business practices. In collaboration with other key Functions, these frameworks, training, measurement, governance and thought leadership, its mission is to raise awareness, drive ongoing advancements, identify/improve maturity and manage transformation for the group. 

Artificial Intelligence (AI) is transforming the operational landscape of BNP Paribas and is at the centre of the Group’s digital strategy. This rapid AI adoption introduces a spectrum of operational risks that must be carefully managed, such as cybersecurity and third-party risks. In addition, AI has the potential to amplify threats and risks related to personal data protection and data quality. With high regulatory expectations and potential sanctions for Banks in their failure to prevent or mitigate operational risks related to AI and data, the role of the AI ICT Operational Risk Officer is to oversee the adoption of Artificial Intelligence at BNPP Paribas, provide subject matter expertise to the community of worldwide community of Operational Risk Officers and provide independent opinion on the sound and prudent management of related ICT risks.

Key Responsibilities

I. AI ICT Risk Governance

•            Influence the design of the Group AI ICT governance, by participating in the enhancement of committees, policies, procedures, requirements, controls, guardrails etc.

•            Provide an independent opinion on the adequacy of the IT procedural corpus to address the characteristics of AI risks and comply with applicable laws and regulations.

•            Participate in AI Risk taskforces with other functions (e.g. RISK IRC, ITG, DPOs, Legal, etc) to improve AI governance, ensure compliance with regulations and ensure robust controls.

•            Provide input for presentations to Senior Management (e.g. Group AI Risk Committee, GITRC, CCIRC, Ad-hoc analysis, etc).

•            Track action items and ensure effective communication of updates and decisions

II. AI Projects Oversight & SME Support

•            Develop and deliver training materials on AI ICT risks for Operational Risk Officers (OROs).

•            Act as SME on AI technology risks supporting Operational Risk Officers in AI project reviews for AI initiatives in their entity or perimeter.

•            Stay abreast of the latest trends, threats, and regulatory developments in AI space.

•            Organize, coordinate and animate AI Risk Community Meetings with Operational Risk Officers and other stakeholders.

•            Maintain a consolidated view of AI projects reviewed by LoD2 to provide a view into AI projects as well as identifying common themes.    

III. AI ICT LoD2 Reviews

•            Develop work programs and methodologies to assess risks and controls over AI platforms, solutions/use cases, covering all ICT risks and technology aspects such as GPU deployments, RAG, GenAI Guardrails, Agentic AI, etc.

•            Conduct independent reviews and opine on the management of operational risks related to AI (either control design or control effectiveness).

Competencies (Risk Management / Technical / Behavioural)

The successful candidate will have a proven track record in managing risk and technology in large/global organizations with robust knowledge of technology, risks and controls, IT and cloud risk and cyber security, operational resilience, and third-party technology risk management. Prior ICT risk experience in the Financial Services industry is a must. Experience with risk management tools and information systems is beneficial.

Risk Management Skills:

•            Understanding of operational risk management frameworks, methodologies, and their application to AI risks as Second Line of Defense (LoD2).

•            Experience in conducting IT risk assessments of enterprise-scale IT solutions in a global financial services organization (as IT Security professional, IT Auditor, Software Tester, etc).

•            Knowledge of AI Technology and associated risk management practices; from a software engineering and data sciences standpoint.

•            Knowledge of cybersecurity threats specific to the AI and Generative AI space.

•            Familiarity with AI Security frameworks such as OWASAP Top 10 LLM & Generative AI Security risks and industry standards like ISO 42001 AIMS is a significant advantage or being able to map these using common sense and AI technology context.

•            Knowledge of legal and regulatory requirements for AI globally for the financial services sector.

•            Understanding of Generative AI large language models technology and Machine learning domain.

•            Understanding of AI alignment principles and frameworks like Responsible AI to ensure that AI models behave responsibly and align with human values.

Technical Skills:

•            Knowledge of large language models (LLMs) such as GPT, BERT, T5, and exposure in fine-tuning and deploying these models for enterprise applications, prompt engineering, and RAG implementation.

•            Experience in prompt engineering for various AI models, including batch prompting, prompt chaining, and input/output validation.

•            Knowledge of AI orchestration tools including LangChain, CrewAI, or similar frameworks.

•            Knowledge of vector databases, embedding models, and semantic search.

•            Knowledge of GPU infrastructure, inference topics, such as virtualization, and optimization.

•            Exposure to security in MLOps/LLMOps practices including CI/CD for AI applications.

•            Knowledge of semantic search techniques powered by LLMs for enabling advanced search functionality over large datasets.

•            Knowledge of generative AI models using transfer learning and fine-tuning frameworks (e.g., OpenAI Fine-Tuning API).

•            Knowledge of cloud AI services such as AWS SageMaker, Google Cloud AI Platform, and Azure Machine Learning to deploy and monitor AI/ML models.

•            Knowledge of GPU/TPU-powered environments in cloud-based AI model training, including knowledge of the GPU/LLM market and hardware optimization.

•            Know-how of big data analytics tools like Apache Spark, Hadoop, and Kafka, particularly in AI/ML contexts.

•            Exposure in setting up data pipelines and managing data lakes for large-scale AI/ML and GenAI applications (e.g., AWS Glue, GCP Dataflow, Azure Data Lake).

•            Experience in AI ethics, including bias mitigation, fairness, and compliance in AI model design and deployment.

•            Familiar with open-source and closed-source AI models, with experience in evaluating the trade-offs and costs of using each for enterprise AI deployments.

•            Knowledge of AI agents and integration approaches of LLMs with external applications (e.g., AutoGen framework for building autonomous agents).

Behavioral / Transversal Skills

•            Strong written and verbal communication skills, with the ability to articulate complex technical and risk-related concepts clearly and concisely to both technical and non-technical audiences.

•            Ability to work independently, manage multiple complex tasks, and prioritize effectively in a fast-paced environment.

•            Excellent analytical and problem-solving skills with the ability to independently assess complex risks and develop effective solutions, including market knowledge of AI risk management tools.

•            Strong attention to detail and a commitment to accuracy and thoroughness.

•            Ability to collaborate effectively with cross-functional teams and build strong working relationships.

•            Ability to articulate risk management concepts in business language

•            Excellent written and verbal communication (English)

•            Proficient with Microsoft Office Suite and collaboration tools.

•            Proven ability to manage issues through resolution.

•            Ability to successfully manage multiple assignments within deadlines which may have short lead times.

Conduct

•            Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks.

•            Consider the implications of actions on colleagues, partners and clients before making decisions and escalate issues to manager when unsure.

Specific Qualifications Required

•            Bachelor’s or Master’s degree with specialization in IT, Cybersecurity, Computer Science, IT Risk Management, or a related field. A master’s degree is a plus.

•            Training and certifications in AI risk such as NIST AI Risk Management Framework training, Professional Certification in AI / ML with rusk modules or Certified AI Risk Management Specialist are an asset.

•            At least 5 years or more experience or practical understanding in ICT risk management

Education Level: Bachelor’s or Post graduate degree 

Location: Mumbai