The bank for a changing world

We are looking for an

Information Security Analyst

REF: ISA-OF-07/20

Position scope:

Cardif Pinnacle and Warrant Direct are the UK insurance arm of the BNP Paribas Banking Group. We are currently engaged in several business transformation projects, as well as internal roadmaps specific to IT and Security. Due to increased demand on our current security team, an exciting opportunity has arisen to join a rapidly evolving team and business.

As a permanent member of the Security team you will be working alongside the GM - Information Security and the wider local and BNPP Group security teams. 

Your initial scope of activity will include:

·         Security compliance monitoring

·         Vulnerability management

·         Security request and incident management

·         Business Continuity Planning support

·         Various security reporting at local and BNPP Group level.

·         Assisting delivery of the IT Security Roadmap.

It is envisaged that career development and progression opportunities will be possible as you become further embedded in the role.


Key responsibilities include, but are not limited to:

·         Security incident recording, analysis and handling/management.

·         Conducting vulnerability assessments and coordinating remediation efforts.

·         Monitoring security compliance of the IT estate, and coordinating remedial efforts.

·         Upkeep of security monitoring rules such as web filtering, email DLP and IPS/IDS rules, and management of alerts received.

·         Management of ServiceNow ITSM tool incident and request records assigned to the security team.

·         Security review and approval of firewall change requests.

·         Supporting internal and external security assurance reviews, and managing resulting recommendations.

·         Assisting preparation of and delivering security awareness campaigns to personnel.

·         Supporting upkeep of the Corporate BC Plan and IT Continuity documentation and plans, including engagement with various business areas to enable.     

·         Administration of BC mass notification tool.

·         Supporting coordination of various BC and Crisis Management exercises.

·         Supporting internal and BNP Paribas Group security reporting, and monitoring adherence to the Group security framework.

·         Assisting with the delivery of the Cyber Security Program.

·         Supporting the management of cyber security risks.

·         Support delivery of projects as security SME ensuring security compliance.

·         Preparation and management of IT Security documentation (procedures, reports, analysis)

·         Engaging with 3rd Parties for security compliance/risk management reviews, and managing any remedial actions.

·         Assisting and advising the wider business on topics related to security  

Required Skills and Work Experience

·         IT Skills, including knowledge of computer networks, operating systems, software, hardware and Security.

·         Knowledge of the latest information security threats and vulnerabilities, and appropriate countermeasures.

·         A proven understanding of best practices for Incident handling, security investigation processes and techniques.

·         Understanding of common security vulnerabilities, and tools used for identifying, reporting and analysis.

·         Understanding or prior experience of Business Continuity planning.

·         Prioritisation and time management skills.

·         Effective communication and documentation skills to both technical and non-technical staff and stakeholders.

·         Experience with internal / external Security and Governance audits.

·         Analytical and problem-solving skills.

·         Exceptional interpersonal, stakeholder engagement and influencing skills.




·         An understanding of the penetration testing process. 

·         Experience with Qualys and Nessus tools.

·         Experience with the ServiceNow ITSM tool.

·         Experience with Everbridge mass notification tools.

·         Knowledge of regulatory and IT Security and Personal Data Protection frameworks.

·         A background of working on security awareness campaigns

·         Experience in IT Security audit or risk management

·         Experience with attack monitoring and Intrusion Prevention (IDS/IPS), SIEM, Anti-Virus, WAF, Firewalls, Identity and Access Management (IAM), patch management, and encryption.


Required Qualifications


·       Experience working in an equivalent security related role.

·         IT or Security related degree or relevant industry qualifications such as CompTIA Security+


·         Information Security qualifications such as CISSP, CISA, CISM, CEH and OSCP, CIS20, or equivalent

·         An understanding of CIS20, NIST, NCSC, CVV

·         Risk Management experience.

Primary Location: GB-ENG-Hertfordshire
Job Type: Standard / Permanent
Job: INFORMATION TECHNOLOGY
Education Level: Other Degrees / Certifications / Vocational, Technical or Professional Qualifications
Experience Level: Not Indicated
Schedule: Full-time
Reference: ISA-OF-07/20