Nous recherchons un

APAC Data Protection Investigation & Remediation Lead (EOI) - VP

Marque BNP Paribas
Niveau d'expérience 6 à 10 ans
Niveau d'études Niveau BAC+2/3
Postuler REF: ITO001401

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 17,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships. 
 
Worldwide, BNP Paribas has a presence in 73 markets with more than 196,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.

BNP Paribas offers you an exciting career in an international business environment that is fast-paced, diverse and focuses on creating high-value relationships with our clients. We offer competitive salary and benefits, as well as a working environment where you’re valued as part of the team.

* excluding partnerships

https://careers.apac.bnpparibas/ 


Position Purpose
The Data Protection Investigation & Remediation Lead is responsible for a team of onshore and offshore Incident Response Officers who analyze potential data breaches and manage confirmed incidents with stakeholders through the agreed process, with a strong focus on mitigating regulatory and business risks.


Responsibilities

DLP INCIDENT REMEDIATION
•    Directly process various types of data breach incidents, collect evidence and coordinate every aspect of investigations using all available information sources
•    While processing alerts and incidents, coordinate the work of remediation stakeholders, both local and regional
•    Collect findings, identify root cause, and propose long-term solutions which support business processes
•    Liaise with IT support teams to gather additional evidence and access necessary data
•    Prepare incident documentation (notifications, assessments, reports, post-mortem, etc.) 
•    Escalate issues in an effective manner and resolve them with managers and the rest of the team 
•    Work towards the established internal OLA and the SLA agreed with business stakeholders


ORGANIZATION & MANAGEMENT
•    Manage data leakage remediation staff, provide mentoring and coaching to them
•    Optimize response times by actively assigning remediation actions among DLP response officers
•    Refine the BAU capacity plan and advise the program manager on resource sizing
•    Maintain the incident remediation SOP and workflows, including the treatment of new cases, exceptions, impact of organization changes, etc.
•    Standardize all communication around incidents (notifications, reports, assessments, post-mortem, etc,)
•    Produce accurate and actionable KPI and KRI for both internal use and for management dashboards 
•    Understand reporting needs and design customized DLP reports
•    Suggest improvements to awareness campaigns. training sessions. workshops, tailored to employees of the various entities
•    Contribute to the preparation and delivery of workshops and tabletops to educate users
•    Improve information security documentation as required, and develop a set of best practices for the BAU
•    Establish a work charter with Cyber Security team and partner with them On monitoring and investigation
•    Assist in the preparation of steering committees and risk assessment updates


CONTINUOUS IMPROVEMENT
•    Gain an understanding of sensitive data within the organization, business processes, data life cycles, and data privacy requirements from business and regulatory perspectives
•    Develop a research activity focusing on user behavior analysis in order to enhance Our ability to capture serious breaches and to customize awareness messages
•    Improve operational risk management. Execute and document first-level controls and partner with IT OPC for second-level validation
•    Proactively suggest new use cases based on investigation results and user behavior analysis. Provide input to the Requirement Manager on the maintenance and design Of DLP rules
•    Conduct regular reviews of DLP incidents with Business & Compliance to improve data classification and business knowledge within the DLP team
•    Contribute to maintaining a reputation of excellence and professionalism vis a vis all senior management 
 


Technical & Behavioral Competencies

•    Proven experience in IT Security
•    Excellent understanding of data protection challenges and risk management within a large organization, and especially a bank
•    Experience with Data Leakage Prevention, evidence gathering and analysis, and possibly forensic investigations
•    Familiar with regulatory requirements on data privacy and data protection in main APAC countries 
•    At ease with engaging very senior stakeholders for the purpose of incident remediation
•    Possesses technical background in Messaging, Web, and End-user Computing
•    Experienced with process definition and documentation
•    Exercises authority to lead team members to deliver as committed, and pushes them to keep ownership of their work
•    Is willing to take accountability for deliverables
•    Is hands-on, problem-solver, and result-driven
•    Is adept at direct, face-to-face communication, and able to take shortcuts
•    Is highly dynamic and motivated
•    Possesses excellent interpersonal skills
•    Is able to prepare simple and high-impact communication material
•    Experience in an audit or a compliance role is a plus


Specific Qualifications (if required)

-    Possesses at least one IT Security certification among CISSP, CISA, CISM and ISO/IEC 27001

 

Primary Location: SG-06-SingaporeJob Type: Standard / PermanentJob: INFORMATION TECHNOLOGYEducation Level: Bachelor Degree or equivalent (>= 3 years)Experience Level: At least 10 years Reference: ITO001401