Cyber Security Analyst (12 month FTC)

The role

This is a role in BNP Paribas Real Estate UK.  The main mission of this role is to strengthen the protection of the company’s IT assets through the implementation and execution of the Group’s Cyber Security Reference Framework and methodology into Real Estate.  You will demonstrate an overall understanding of the group’s security requirements, supports the business lines as their systems mature to ensure they follow the standard security practice and comply with corresponding security requirements.

You will act as a subject matter expert and a trusted advisor by providing authoritative IT cyber security advice and guidance to internal IT teams, ensuring secure by design principles are met by relevant IT teams. Working as part of a wider cyber security team based in Paris, you will be dedicated to the cyber security environment of the UK business.

Reporting directly to the Cyber Security Manager, you will work alongside the IT Governance Officers to ensure all Cyber/IT security risks are well managed. In order to meet our expectations, the successful candidate should have an eagerness to strive for the best outcome and a desire for personal development. This is a challenging but rewarding role, providing the successful candidate with an opportunity to implement and maintain security standards whilst working closely with and being supported by an experienced and knowledgeable IT team. 

Activities 

The collaborator will be involved in the following activities:

1.    Identifies essential cyber security assurance activities for IT projects and changes management lifecycle, and provides support to project team on various security governance gates until project closure

2.    Assists business and internal IT teams in IT asset classification and categorization process, and maintains the security-related information in the IT asset inventory system 

3.    Determines IT Risk and Cyber requirements, analyses and assesses the security compliance of IT assets

4.    Provides guidance to the IT development team and vendor on the required security assessment and testing for bespoke software, and performs application security baseline compliance check to secure applications during the SDLC

5.    Collaborates with IT asset owner and external assessor for the planning and coordination of Penetration Testing, validates test results with asset owners and updates findings to the central repository

6.    Supervises the vulnerability management and follows up with asset owners for the tracking and remediation of findings identified from various scanning tools and penetration testing

7.    Works with local and central IT teams to identify any Shadow/Light IT situations in business, and follows the group process for managing risks associated

8.    Prepares IT risk & Cyber reports for management and governance committees

9.    Supports IT risk team in risk assessment and follow-up of action plan execution.

Essential experience                                

•    Proven experience in IT Risk and Cyber Security

•    Strong working knowledge and thorough understanding of Data Security, Network and Infrastructure Security, Application Security, Vulnerability Monitoring, Cyber threats, security operation control mechanisms and solution (such as Firewall, SIEM, WAF, Malware Defences and IAM)

•    Good understanding of Cyber Security management and IT risk management processes

•    Broad knowledge of IT process, methodology, IT infrastructure, application development as well as latest technologies (e.g. Cloud, AI)

•    Experience in assessing and supporting compliance of security standards – such as PCI-DSS, Cyber Essentials, ISO 27001, NIST and those published by the NCSC

Key skills/competencies 

•    Excellent communication skills including written and spoken English

•    Experience of and ability to liaise with senior stakeholders

•    Risk anticipation, risk articulation and constructive opinion

•    Sound decision maker

•    Understanding of corporate governance and compliance procedure

•    Pursues excellence

•    Motivated and driven

Desirable Qualifications

•    Formal IT/Cyber security certification – CISSP, SSCP, CISM, CSIRC

We are proud to offer award-winning benefits to support and reward our employees:

•    Heath & Leisure: Private medical cover, 25 days annual leave + public holidays (the option of purchasing up to 5 additional days via flex benefits), health screening, gym discounts, wellbeing support, volunteering opportunities, cycle to work scheme, eye care voucher, travel & retail discounts, travel insurance, concierge service, kids pass, open fairways golf card, great company culture and social events (including sports teams, charity events, art pass), perks at work 

•    Financial:  Pension, life assurance at 8 x basic salary, group income protection (long term disability insurance), interest free season ticket loan, bonus scheme - you will be eligible to participate in the Company’s Bonus Scheme, share incentive plan, financial and mortgage advice 

BNP Paribas Real Estate is committed to providing a work environment that fosters diversity, inclusion, and equal employment opportunity without regard to race, colour, gender, age, creed, sex, religion, national origin, disability (physical or mental), marital status, ancestry, sexual orientation, gender identity and gender expression, or any other legally protected status.