Search by job, company or skills

IT Security Engineer - Risk & Cyber - Cybersecurity

BNP Paribas

    Highlights

    Job Description

    More Info

    Recruiter Info

5-8 Years
a month ago
67 Viewed
2 Applied

Job Description

  • Role of Wealth Management Cybersecurity Security Officer, being understood this role includes delegations from APAC WM CISO.
  • Participate to IT project security reviews conducted both on a global and APAC basis across all platforms. This requires the incumbent to foster close working relationships with other business areas and IT Development/Production teams.
  • The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator.
Direct Responsibilities
- Cybersecurity
o Ensure the protection of WM business data with an adequate security level of WM assets based on review processes
o Ensure the coordination with other IT security or other actors in the region or globally
o Assist for a Risk Treatment for any APAC WM issue, based on the processes
o Identify the IT security risks in advance, record and follow-up them
o Define and contribute to processes from cybersecurity perspective
o Periodic reporting of security status to IT Security Domain Head
o Ensure the regular reporting for management follow-up
o Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed.
o Ensure to onboard the Assets Applications in SIEM and handling BAU, create / update relevant documents.

- Production Security
o Ensure the effectiveness and success of vulnerability management process
o Ensure the compliance level of the production environment and integrate to reporting

- IT security compliance (delegation on WM APAC scope)
o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets
o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
o Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements
o Ensure the compliance with the Third-party Technology risks and the Cloud security
o Identify the process gaps and provide solutions

- Coordination with IT Security actors
o Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard)
o Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope.
o Coordination with the global security teams concerning integration of WM assets within production sites
o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group

Essential Technical Knowledge
  • Network protocols and network connectivity concepts; Firewall and Internet technologies Deep Knowledge
  • Secure application design and architecture principles including DevSecOps tools and practices (CI/CD) Deep Knowledge
  • Secure access control mechanisms: Encryption and Key Management techniques Deep Knowledge
  • Technical proficiency in various Operating Systems (Linux, AIX, Windows, AS400) and Databases (Oracle, MSSQL, PostGreSQL, MongDB Deep Knowledge
  • Knowledge of understanding digital transformation and mobile technologies and Cloud (Containers Docker, Kubernetes). Good
  • Knowledge of emerging technologies (NFT, encryption) Good
  • Knowledge in technologies like OAuth, Single Sign On, API based approach, TDD, BDD Good
  • Knowledge of standard IT Security concepts and methodologies Deep Knowledge
  • Deep understanding of cybersecurity threats and remediation options Deep Knowledge
  • IT Security Risk Assessment and Risk Management Good
  • IT Incident Management, CSIRT, DLP Good
  • IT Network Security (FW, WAF, Anti-DDos etc) Good
Essential Banking Knowledge
Banking Knowledge and understanding of Wealth Management specificities
  • General Knowledge
International and APAC banking regulations
  • Deep Knowledge
Essential Personal Skills
Communication skills Ability to interact throughout oral and written communication skills
  • Deep Knowledge
Provide leadership to various stakeholders in proactive manner
  • Deep Knowledge
Ability to provide an accurate reporting to the Management
  • Deep Knowledge
Must be motivated, and able to work independently as well as part of a team
  • Deep Knowledge
Must demonstrate ethical responsibility, maturity, and discretion
  • Deep Knowledge
Specific Qualifications (if required)
- 5 to 8 years experience in information security
- Management or leadership experience
- Experience in evaluation and design of technical architectures and processes
- Functional as well as technical knowledge of the common technical frameworks and solutions
- Knowledge of the Norms and Standards of the banking and cybersecurity industry
Other Value-added Competencies
- Advanced IT security certifications may be advantageous (such as CEH, ISO 270001:2013 ,CSK).
- Operational Risk and Permanent Control
Skills Referential
Behavioural Skills :
  • Creativity Innovation / Problem solving
  • Communication skills - oral written
  • Decision Making
  • Ability to deliver / Results driven
Transversal Skills:
  • Analytical Ability
  • Ability to develop and adapt a process
  • Ability to understand, explain and support change
  • Ability to manage a project
  • Ability to set up relevant performance indicators
Education Level: Bachelor Degree or equivalent

Other Value-added Competencies
- Advanced IT security certifications may be advantageous (such as CEH, ISO 270001:2013 ,CSK)
Follow
Save
Report

Similar Jobs

Lead IT Risk and Security Engineer

Company Name Confidential

People also considered

DelhiBengaluru / BangaloreNoidaMumbaiHyderabad / Secunderabad Telangana
Last Updated: 09-08-2024 10:15:07 AM
Home Jobs in Chennai IT Security Engineer - Risk & Cyber - Cybersecurity