Information Security Professional

About BNP Paribas Group:
BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.

About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.

About Businessline/Function:
CIB Security & IT Risk provides information security services for the BNP Paribas Group. The IT Security Professional role is based in Mumbai and will work as part of a global team covering security risks and associated activities in multiple locations across EMEA, AMER & APAC.

Job Title:
Information Security Professional

Date:
Department:
CIB Security & IT Risk

**Location**:
Mumbai

Business Line / Function:
CIB Security & IT Risks

Reports to:
(Direct)

Grade:
(if applicable)

(Functional)

Number of Direct Reports:
Directorship / Registration:
NA

**POSITION PURPOSE**:
The purpose of the position is to help with the information security topics mentioned in the direct responsibilities.

**Responsibilities**

**DIRECT RESPONSIBILITIES**:

- Follow issues detected and supporting elaboration of action plan and determining the right criticality of vulnerabilities/non-compliances.
- Log/Track ticketing in a dedicated tool (Jira based) and follow-up with different stakeholders.
- Support regular preparation of OpCos with B-CISOs.
- Monitoring & Reporting (to support dashboard to senior management on a monthly basis).
- Strong authentication Implementation follow-up, advising on the processes involved.
- Support to audit and internal control (internal and external e.g. IG mission, OPC...).
- Risk re-qualification (residual risk) and support to Risk Acceptance and Waiver management.
- Challenge the results and ensure remediation options are appropriate and implemented in a timely manner.
- Provide expertise on discovered vulnerabilities and to mediate / arbitrate disputes between developers and security testing teams.
- Engage with organization wide risk and control groups, including internal audit and territory control teams.
- Work with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls.
- Work with Technology stakeholders (including Production Support and Development teams) to ensure that remediation identified during security controls are fully understood and implemented.

**CONTRIBUTING RESPONSIBILITIES**:

- Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate.
- Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members.
- Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders.

**TECHNICAL & BEHAVIORAL COMPETENCIES**:

- Good understanding of Information Security concepts and strategies.
- Knowledge of Secure Development methodologies and frameworks.
- Knowledge of OWASP, SANS standards.
- Experience in Process Improvement, Controls Enhancement and Reporting.
- Excellent Inter personal and presentation skills
- Strong in verbal and written communication
- Ability to liaise with cross-functional stakeholders globally
- Must be flexible, independent, self-motivated
- Good analytical skills

**SPECIFIC QUALIFICATIONS (IF REQUIRED)**:

- CEH, SSCP, OSCP certified.
- Technical Graduate (Computer Science) Preferable.

**Skills Referential**

Behavioural Skills: (Please select up to 4 skills)

Creativity & Innovation / Problem s