Job Description – Cyber Security Engineer

About BNP Paribas Group:

BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.

About Businessline/Function :

FRESH is a unique community of Finance and RISK Projects & Systems along with their related IT teams.

Job Title:

Cyber Security Engineer

Date:

Department:

FRESH

Location:

Mumbai/Chennai

Business Line / Function:

ITG

Reports to:

(Direct)

Grade:

(if applicable)

(Functional)

Manager

Number of Direct Reports:

Directorship / Registration:

NA

Position Purpose

The main responsibility of Cybersecurity personal is to develop and implement integrated solutions in the IT risk management policy approach.


 

Responsibilities

Direct Responsibilities

  • Define and implement the needs regarding Cybersecurity within the ITRMG referential framework and IT system development projects
  • Organize regular reviews of IS component source codes and ensure that the vulnerabilities identified are remedied
  • Design application security or related architectures (API, services, etc.)
  • Perform the security review of applications by enforcing security requirements
  • Organize project support for securing applications/sensitive data during application development lifecycle for software development projects
  • Ensure that security, operational risk and remediation plans are properly managed
  • Define a communication, training and/or cyber culture awareness raising program
  • Assist and provide advisory services for operational staff (Remote access, Privileged account, Exception management)
  • Prepare reports, risk measurements and the relevant management information
  • Execute risk and cyber security permanent controls based on the group generic ICT control plans
  • Cyber Resilience opinion: Participate in the analysis of cyber resilience and cyber fraud documents
  • Provide IT & Cyber risk management (IT, Cyber, Operational Resilience) advisory and guidance to the stakeholders involved

Contributing Responsibilities

  • Contribute to overall department and ISPL Vision goals as directed by Dept. head and Manager
  • Build a thorough understanding of Global Cybersecurity posture of the Bank in order to provide high impact risk analysis to protect the firm.
  • Contribute to classify the applications based on data confidentiality, integrity, availability and traceability, in order to obtain an end-to-end view of the most critical IT assets/sensitive data.
  • Contribute towards the identification of KPIs for the Operational Resilience Dashboards. Publishing the dashboard on regular basis.

Technical & Behavioral Competencies

Functional Skills

· Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation.

· Experience in the Finance & IT industry with a strong exposure to IT Operations, Application Security, SOC/SIEM, and/or network administration, IPS

· Strong demonstrated knowledge of cybersecurity, cyber risk and cyber threats

· Risk knowledge and awareness of risks combined with enthusiasm and a genuine interest in the role of Risk Assessment, Risk Analysis in business and providing Risk Opinion as a subject matter expert.

· Working knowledge of global threats to international cyber security, and conversant in the tactics, techniques and procedures used by cyber adversaries.

· Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate;

· IT knowledge

Technical :

  • Good understanding of organizations and IT Businesses
  • Good technical understanding of infrastructures and IT Security Productions and Systems
  • IT risk analysis and management methods
  • Knowledge of Cyber Resilience, IT continuity and business continuity
  • Knowledge of application code analysis (SAST/SCA), infrastructure scan (Qualys IVS)
  • GRC - Governance, Risk Management and Compliance Management.
  • A good understanding of large-scale technology infrastructure and SOC/CERT operations.
  • Should have worked with Risk Management Tools
  • IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.
  • Network protocols and network connectivity concepts; Firewall and Internet technologies; Cloud Security, Banking Tools & Technologies;
  • Secure access control mechanisms; Encryption and Key management technics

Behavioral :

  • Strong Communication, Analytical and problem-solving skills.
  • Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills
  • Good documentation and reporting skills
  • Ability to work independently
  • Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back office users
  • Good communication, technical writing/diagramming skills
  • Attention to détail and accuracy
  • Capacité for créativité and innovation
  • Self-discipline

Specific Qualifications (if required)

  • One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
  • IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.
  • IT Auditing (ISO27001, ISO27005)
  • Regulatory Compliance
  • MBA in Finance/Systems/IT, Bachelor of Commerce, Master in Commerce, Bachelor in Science

Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Ability to collaborate / Teamwork

Communication skills - oral & written

Attention to detail / rigor

Choose an item.

Transversal Skills: (Please select up to 5 skills)

Ability to anticipate business / strategic evolution

Analytical Ability

Ability to understand, explain and support change

Choose an item.

Choose an item.

Education Level:

Bachelor Degree or equivalent

Experience Level

At least 5 years

Other/Specific Qualifications

  • CISA/CISSP/CISM/CRISC
               
  • One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
  • IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.
  • IT Auditing (ISO27001, ISO27005)
  • Regulatory Compliance
  • MBA in Finance/Systems/IT, Bachelor of Commerce, Master in Commerce, Bachelor in Science
Primary Location
IN-MH-Mumbai
Job Type
Standard / Permanent
Job
INFORMATION TECHNOLOGY
Education Level
Bachelor Degree or equivalent (>= 3 years)
Experience Level
At least 5 years
Schedule
Full-time
Reference
LS CyberSecurity-002

Découvrez les métiers de BNP Paribas : IT, Tech et Data

Au-delà d’être un groupe financier, BNP Paribas est aussi une entreprise technologique. Les systèmes d’information, la data et les outils sont au cœur de notre ADN et offrent de nombreuses opportunités professionnelles !

En savoir plus

Pourquoi je candidaterais ?

Pour quelles raisons je rejoindrais BNP Paribas et pas une autre entreprise ?

Parce que je souhaite...

  • Et si on vous disait que travailler dans notre Groupe, ce n’est pas ce que vous croyez ? Chez BNP Paribas, on exerce une multitude de métiers qui évoluent en permanence pour être en phase avec les attentes des clientes et clients comme de la société.

  • Se sentir bien dans son job, c’est avant tout venir travailler comme on est.  C’est aussi avoir les moyens d’un bon équilibre entre sa vie professionnelle et sa vie personnelle. Deux engagements majeurs pour BNP Paribas.

  • Chez BNP Paribas, le développement de vos compétences est essentiel, pour vous comme pour nous. Et cela vous servira pour toute votre vie professionnelle.

En savoir plus