About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, the European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees to provide support and develop best-in-class solutions.
About BNP Paribas Group:
BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.
Commitment to Diversity and Inclusion
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.
About Business line/Function:
ITG is a group function established recently (2019) in ISPL with a presence in Mumbai and Chennai. We collaborate with various business lines of the group to provide IT Services.
BNP PARIBAS, the leading bank in the European Union and a leading international player, is seeking to complement and reinforce its existing teams in the areas of IT risk management, cybersecurity and the fight against digital fraud.
Job Title:
Cyber Security Engineer
Department:
CDF. IN
Location:
Mumbai
Business Line / Function:
ITG Central
Reports to (Direct):
Service Delivery Manager
Directorship / Registration:
NA
Position Purpose
The main responsibility of Cybersecurity personnel is to develop and implement integrated solutions in the IT risk management policy approach.
Responsibilities
Direct Responsibilities
- Define and implement the needs regarding Cybersecurity within the ITRMG referential framework and IT system development projects
- Organize regular reviews of IS component source codes and ensure that the vulnerabilities identified are remedied
- Design application security or related architectures (API, services, etc.)
- Perform the security review of applications by enforcing security requirements
- Organize project support for securing applications/sensitive data during application development lifecycle for software development projects
- Ensure that security, operational risk and remediation plans are properly managed
- Define a communication, training and/or cyber culture awareness raising program
- Assist and provide advisory services for operational staff (Remote access, Privileged account, Exception management)
- Prepare reports, risk measurements and the relevant management information
- Execute risk and cyber security permanent controls based on the group generic ICT control plans
- Cyber Resilience opinion: Participate in the analysis of cyber resilience and cyber fraud documents
- Provide IT & Cyber risk management (IT, Cyber, Operational Resilience) advisory and guidance to the stakeholders involved
Contributing Responsibilities
- Contribute to overall department and ISPL Vision goals as directed by Dept. head and Manager
- Build a thorough understanding of Global Cybersecurity posture of the Bank in order to provide high impact risk analysis to protect the firm.
- Contribute to classifying the applications based on data confidentiality, integrity, availability and traceability, in order to obtain an end-to-end view of the most critical IT assets/sensitive data.
- Contribute towards the identification of KPIs for the Operational Resilience Dashboards, and publish the dashboard on a regular basis.
Technical & Behavioral Competencies
Functional Skills
- Experience in IT Risk and Cyber Security domains in a financial institution, demonstrating a high level of commitment and self-motivation.
- Experience in the Finance & IT industry with strong exposure to IT Operations, Application Security, SOC/SIEM, and/or network administration, IPS
- Strong demonstrated knowledge of cybersecurity, cyber risk and cyber threats
- Risk knowledge and awareness, combined with enthusiasm and a genuine interest in Risk Assessment and Risk Analysis in business and in providing Risk Opinion as a subject matter expert.
- Working knowledge of global threats to international cyber security, and conversant in the tactics, techniques and procedures used by cyber adversaries.
- Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate
- IT knowledge
Technical:
- Good understanding of organizations and IT Businesses
- Good technical understanding of infrastructures and IT Security Productions and Systems
- IT risk analysis and management methods
- Knowledge of Cyber Resilience, IT continuity and business continuity
- Knowledge of application code analysis (SAST/SCA), infrastructure scan (Qualys IVS)
- GRC - Governance, Risk Management and Compliance Management.
- A good understanding of large-scale technology infrastructure and SOC/CERT operations.
- Should have worked with Risk Management Tools
- IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.
- Network protocols and network connectivity concepts; Firewall and Internet technologies; Cloud Security, Banking Tools & Technologies
- Secure access control mechanisms; Encryption and Key management techniques
Behavioral:
- Strong Communication, Analytical and problem-solving skills.
- Proven organizational skills with excellent multi-tasking, result-oriented and prioritization skills
- Good documentation and reporting skills
- Ability to work independently
- Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back office users
- Good communication, technical writing/diagramming skills
- Attention to detail and accuracy
- Capacity for creativity and innovation
- Self-discipline
Specific Qualifications (if required)
- One or more industry-recognized information security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
- IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.
- IT Auditing (ISO27001, ISO27005)
- Regulatory Compliance
MBA in Finance/Systems/IT, Bachelor of Commerce, Master in Commerce, Bachelor in Science
Skills Referential
Behavioural Skills:
Communication skills - oral & written
Ability to collaborate / Teamwork
Creativity & Innovation / Problem solving
Ability to deliver / Results driven
Transversal Skills:
Ability to develop and adapt a process
Education Level:
Bachelor Degree or equivalent
Experience Level
At least 5 - 9 years
Other/Specific Qualifications (if required)
CISA/CISSP/CISM/CRISC