The Information and
Communications Technology (ICT) Risk department is part of the Group RISK ORC
Functions within BNP Paribas. It is a part of the 2nd Line Of Defence (2LOD)
under the Bank’s Chief Cyber & Technology Risk Officer. Among others, the
department has responsibility for identification of key technology risks to the
Bank and influencing business and technology partners to take sound risk
This is achieved by
& Infrastructure Risk Assessments working with the Business and
Technology teams to identify security issues in existing and new systems,
and agree corresponding actions to mitigate or accept risks. Tracking
issues and agreed actions to completion.
Risk Assessments: Assessing technology risks in relation to a particular
theme or technology across the organization. Examples could be assessments
of the firewall change process, applications processing >$5m per day,
applications hosted in the cloud, etc.
- Vertical Risk
Assessments: Assessing risks to a product, service, technology or
infrastructure. For instance we may complete a vertical assessment on our
remote working solution (including Infrastructure, applications, data,
threats etc.) or our Internet connectivity.
- Partnership to
the Business and Technology teams in helping them understand their
technology risk profile and influencing their risk management decisions.
The Global Operational Resilience & Crisis Management program
within RISK ORC ICT is a critical component in ensuring the Group’s ability to
prevent disruptions to its critical services from occurring, continue to meet
its objectives if a disruption or incident does occur and return to normalcy,
when disruption or crisis is eliminated. This applies to Cyber, Technology,
Supply chains, physical infrastructure and People.
The above is achieved through main teams such as Cyber Detection
(including Cyber Fraud), IT Resiliency, Business Continuity Oversight and
The position of Cyber Fraud & Forensic specialist
will be responsible for providing Cyber Forensic expertise within RISK ORC ICT
and support in Cyber Fraud investigation matters.
conduct Cyber Forensic activities related to data breach and security
incidents, including but not limited to.
- Recover and
examine data from systems and electronic storage devices.
- Dismantle and
rebuild damaged systems to retrieve/investigate lost data.
additional systems/networks/databases/applications compromised by cyber
- Preserve data
from a variety of platforms and sources; including laptops, desktops,
servers, cloud services, mobile devices, and storage media in a manner
that follows industry best practices and maintains forensic integrity.
- Operating and
maintaining a Digital Forensics Lab Environment, including all
technologies, evidence, and processes.
abreast of emerging technologies, software and methodologies.
research, design, and train personnel on internally designed technologies;
evaluate emerging forensic technologies and provide operational security
proficient in forensic, response and reverse engineering skills.
Provide independent risk opinion and challenge on
Cyber Forensic Reports by First line of Defense teams.
AND OCCUPATIONAL EXPERIENCE
• Bachelor’s degree
from an accredited college/university or equivalent work experience in Computer
Science, Information Technology, or a similar discipline.
• Demonstrate and
maintain a proficiency forensic investigation techniques using a variety of
commercial and open source digital forensic tools (e.g., EnCase, FTK, X-Ways,
SIFT Workstation, NUIX).
maintaining one or more professional certifications related to Digital
Forensics or Incident Response (e.g., GCFE, GCFA, GREM, EnCe, CFCE).
• Proficient in the
latest forensic, response, and reverse engineering skills and astute in the
latest exploit methodologies.
• Experienced with
conducting Incident Response and Forensic investigations within a global
enterprise across multiple platforms and technologies.
• Ability to
independently investigate complex cases including cyber security incidents,
intellectual property theft, fraud and abuse, asset misuse, and violations of
• Familiarity with
malware analysis and signature & hash analysis.
• Demonstrate a
strong understanding of hardware architecture, connection types, file system
and internal system artifacts a variety of operating systems (e.g., Windows,
UNIX, Linux, Mac OSX).
• General working
knowledge of networking protocols, security technologies, and application
• Ability to
interpret device and application logs from a variety of sources (e.g.
Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to
identify anomalies or evidence of compromise.
information security certifications such as CISSP, CISA, GCCC, CISM, CRISC,
CEH, OSCP or Security+.
• Mastery of
delivering formal deliverables such as PowerPoint presentation, reports or
ability to communicate effectively and to present in a structured approach.
• Mastery of MS
• Good knowledge of
ability to communicate effectively with stakeholders and technical staff.
• Excellent written
and verbal communication
• High Level of
• High Level of
French will be a plus
Possesses excellent report writing skills and the
ability to present findings to management, legal and business leaders.
Good listening and analytical skills – being able to
come to a thoughtful and business focused conclusion quickly.
Ability to co-operate and work well with others
adopting an approachable style – Important as we work closely with a large and
diverse set of suppliers and customers.
Ability to see the customer perspective, i.e. from a
business point of view, the most secure solution is not always workable or
realistic considering costs and benefits.
Demonstrating a calm professional approach, with a
good understanding of delivery within time constraints and the need to
escalate/inform departmental management as appropriate.
Adapting personal approach to suit situations,
individuals, groups and cultures. Is flexible in relation to getting the job
Taking accountability for their actions and be open
and honest when things have gone wrong, and celebrating successes when things
have gone well.
- Being rigorous and thorough – especially when
logging and tracking issues through to conclusion.
- Ability to manage their workload as to meet the
realistic targets and priorities set in conjunction with management.
- Demonstrating a high-level of commitment and
self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
- Ability to express views clearly and fluently, both
orally and in writing. Considers the audience, avoiding technical jargon
wherever necessary and appropriate.
Works iteratively, delivering quickly and frequently
to produce high quality documents and outputs which require little to no rework.
Role model, promotion of a culture of good conduct and
contribution to maintaining such a culture.
Demonstrate proactivity, transparency and
accountability for identifying and managing conduct risks.
Consider the implications of your actions on
colleagues, partners and clients before making decisions, and escalate issues
to your manager when unsure.
Prepared to travel internationally.
Has the proven ability to think outside of the box,
challenge industry norms and adapt quickly to evolving requirements.
Excellent in the ability to understand how and why
processes and solutions are designed to deliver specific outcomes.
Is self-aware, anticipates problems, adapts and meets
them head on.
Strong stakeholder management, relationship building,
influencing, facilitating and presenting skills.
Is solutions focused – measures their output on
whether issues, problems or challenges are resolved as a criteria for success.