Information Security Professional

**About BNP Paribas Group**:
BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.
**About BNP Paribas India Solutions**:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.
**About Businessline/Function**:
CIB Security & IT Risk provides information security services for the BNP Paribas Group. The IT Security Professional role is based in Mumbai and will work as part of a global team covering security risks and associated activities in multiple locations across EMEA, AMER & APAC.

**Job Title**:
Information Security Professional

**Date**:
29 April 2020

**Department**:
CIB Security & IT Risk

**Location**:
Infinity Mumbai

**Business Line / Function**:
**Reports to**:
(Direct)

**Grade**:
(if applicable)

(Functional)

**Number of Direct Reports**:
NA

**Directorship / Registration**:
NA

**Position Purpose**:
The purpose of the position is to help with the information security topics mentioned in the direct responsibilities.

**Responsibilities**

**Direct Responsibilities**:

- Good understanding of Information Security concepts and strategies.
- Knowledge of Secure Development methodologies and frameworks.
- Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity
- Well-versed in conducting Security Review, Assessments and providing recommendations.
- Knowledge of OWASP, SANS standards.
- Experience in Process Improvement, Controls Enhancement and Reporting.
- Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate.
- Engaging with organization wide risk and control groups, including internal audit and territory control teams.
- Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls.
- SPOC for security architecture meetings.

**Contributing Responsibilities**:

- Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate.
- Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members.
- Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders.

**Technical & Behavioral Competencies**:

- Excellent Inter personal and presentation skills
- Strong in verbal and written communication
- Ability to liaise with cross-functional stakeholders globally
- Must be flexible, independent, self-motivated
- Good analytical skills

**Specific Qualifications (if required)**:

- CEH, SSCP, OSCP certified.
- Technical Graduate (Computer Science) Preferable.

**Skills Referential**

Behavioural Skills:
Ability to collaborate / Teamwork

Critical thinking

Communication skills - oral & written

Ability to deliver / Results driven

Transversal Skills:
Analytical Ability

Ability to manage a project

Ability to develop others & improve their skills

Ability to manage / facilitate a meeting, seminar, committee, training

Choose an item.

Education Level:
Bachelor Degree or equivalent

Experience Level

At least 5 years

**Other/Specific Qualifications **(if required)