Consultant

About BNP Paribas Group:

BNP Paribas Group is a leading European bank with a strong global footprint across 72 markets and more than 202,000 employees. The Group provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships”.

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a leading bank in Europe with an international reach. With delivery centers located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner various business lines of BNP Paribas such as Corporate and Institutional Banking, Wealth Management, Retail Banking through three verticals - Information Technology, Operations and Finance Shared Services.

About Business line/Function : BP2S IT Risk and Cyber Security

 Security risk management policy (SRM-L2-00), and aligned with the Group 2OPC approach related to risks cartography (CG0121EN and COP0028EN).

Cross references to Risk analysis methodology user guide (SRM-L4-01) are also provided to aid comprehension of the risk analysis methodology proposed by GGS (which is based on EBIOS methodology).

Risk level is the combination of the severity of impacts (or consequences), that can be assessed through the Impact Severity Matrix sheet, and of the likelihood for a feared event, that can be assessed though the likelihood Matrix sheet.

For Impact study please consider the below support information:

Impact severity level is used to assess risk level (in combination with likelihood of threat scenarios) and relies on the potential consequences of a feared event on an essential asset (to be assessed by the business).

 For a feared event, the severity level can be different depending on each type of impact. Hence, the final severity level for each feared event should correspond to the highest severity level assessed amongst all impact types;

 Criticality of assets is bound to security needs, to be evaluated for Confidentiality, Integrity, Availability, and Traceability (combines Non-repudiation and Authenticity);

 Sensitivity is used to describe the criticality of data and information. Sensitive data hence means that this data or information is a critical asset, in particular in terms of Confidentiality (but it may also concern other security needs);

 Although impacts with high severity levels are more likely when essential assets are concerned, criticality level is not directly used to calculate risk level (severity level is used instead).

Job Title:

Senior Associate

Date:

01-Jun-2022

Department:

BP2S – IT Continuity and Cyber Security

Location:

Chennai

Business Line / Function:

BP2S – IT Security and IT Risk

Reports to:

(Direct)

Sundar LOGANATHAN

Grade:

(if applicable)

(Functional)

Number of Direct Reports:

Directorship / Registration:

NA

Position Purpose

Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the team’s goal.

To Manage BP2S Global IT Security and Cyber Risk activities from Chennai as extended team of Paris IT Security & Cyber Governance team.

Should be able to do Application Security Review process

Vulnerabilities and Access management at Application and Server level.

To Manage IT Continuity for BP2S Global IT Continuity and Cyber Security Team.

The Information Continuity Specialist’s mission is to participate in the overall management of IT Continuity risks and mitigation measures.

He/She fosters the community of BNP Paribas Securities Services IT Continuity in close connection with Group business continuity, the Group Security and permanent control.

He/She plays a part of coordination and assistance on the IT area in order to ensure the good professionalization and the organization based on the requirements, methodologies and tools used.

He/She has the role of monitoring and controlling the IT Continuity within the entity, to collaborate and communicate with the IT Continuity Teams in other locations.

Responsibilities

Direct Responsibilities

REMEDIATION ACTIONS IMPLEMENTATION FOLLOW-UP

• To consolidate and maintain the list of the critical IT assets of the entity;
• To ensure the quality of the IT Continuity data in referential;
• To monitor the plans of regular exercises;
• To consistently follow-up and chase for open topics until closure is achieved;
• To collect IT Continuity documentation and evidences from projects, studies and IT production from all locations;
• To interface with permanent control agents and teams to provide required evidences.
•  Recommendation IG
•  Action Plans Incidents

KEY INDICATORS MONITORING (KMP / KPI / KRI)

IT Security COMMUNICATION, SUPPORT & GOVERNANCE

QUESTIONNAIRES TREATMENT

REPORTING & ALERT

BP2S and ISPL IT Security Team and IT Continuity Team.

Contributing Responsibilities

APAC – IT Security Governance 

To deals with assurance engagements undertaken by an auditor to provide a report for use by user entities and their auditors on the controls at a service organization that provides a service to user entities that is likely to be relevant to user entities' internal control as it relates to financial reporting.

Technical & Behavioral Competencies

•  
• Knowledge and Experience Requirements:
  • Demonstrated integrity in a professional environment;
  • Working professional proficiency in spoken and written English is mandatory;
• Soft skills required:
  • Ability to work with teams in multiple geographical locations;
  • Critical and constructive spirit;
  • Good interpersonal skills;
  • Integrity;
  • Resiliency;
  • Problem solving skill;
  • Open minded;

Specific Qualifications (if required)

• Degree in BE Computer Science, Information Systems, or a related field.
• Experience:  >=5 years of experience in Information Technology activities;
• Certificate – On Cyber Security or IT Security or Network Security.