BNP Paribas Group:
BNP Paribas Group is a leading European bank with a strong
global footprint across 72 markets and more than 202,000 employees. The
Group provides corporates, institutional and private investors with product
and service solutions tailored to their specific needs. It offers a wide
range of financial services covering corporate & institutional banking,
wealth management, asset management, insurance, as well as retail banking and
consumer financing through strategic partnerships.
BNP Paribas India Solutions:
Established in 2005, BNP
Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a
leading bank in Europe with an international reach. With delivery centers
located in Mumbai and Chennai, we are a 24x7 global delivery center. We
partner various business lines of BNP Paribas such as Corporate and
Institutional Banking, Wealth Management, Retail Banking through three
verticals - Information Technology, Operations and Finance Shared Services.
Business line/Function :
IT Auditor, IG Hub APAC
Inspection Générale Hub Asia Pacific
Business Line / Function
Head of Audit IT, Asia Pacific
Number of Direct Reports
Directorship / Registration
conduct Information Technology and Cybersecurity audit work in accordance
with the IG methodology and ensure high standard of deliverables
contribute to the Information Communication Technology risk assessment of
audit universe establishing a reliable communication channel with the
follow through with auditee on implementation of recommendations
1. Participate in the audit team
assignments and special reviews (when required by regulators, business lines,
or senior management)
Contribute to the planning and preparation of the
assignment e.g. understanding the methodology to be applied, acquiring a deep
knowledge of the activities to be covered, understanding the detailed
technologies, gathering relevant key figures, etc.
Develop a thorough understanding of the
activities within the scope of the assignment, its strategy and governance,
and the related risks.
Evaluate the overall setup and identify the main
areas of risk (including a comprehensive assessment of the management actions).
Execute detailed investigations leveraging on a
strong technical knowledge in various IT systems (Databases, Operating
systems Linux/Windows, Cybersecurity/Network security, Virtualization,
containerization, Cloud Computing and related risks)
Leverage on adequate programming languages and
scripting to perform efficient investigations by automating analysis.
Ensure the adequate learning and understanding of
the standard IT solutions used in the IT infrastructure and production,
Cybersecurity management in order to analyze adequately their configuration
and be able to identify and raise potential risks.
Recommend appropriate actions to the management
in order to remediate the identified weaknesses.
Formalize the results of the assignment
investigations and contribute to the production of the assignment
Present the conclusions of the assignment
fieldwork to the senior management.
the implementation of the Inspection Générale recommendations
Review and challenge the actions defined to remediate
the weaknesses identified by the audit team through its assignments.
Ensure the adequacy of the answers to address
permanently the gaps following accurately the recommended actions.
Perform relevant control testing to ensure the
proper implementation of the actions.
to the periodic risk assessment of IT activities and planning
Perform a periodic and comprehensive risk
assessment of the IT activities as per the Group guidelines.
Keep abreast of change/new development of regulatory requirements
that are relevant to IT activities and related functions.
Assist in the elaboration of the IT audit
planning following a risk-based approach.
Contribute to the improvement of the Inspection
Générale practices through the elaboration and update of our methodologies.
Technical and Behavioral Competencies required
Strong expertise in Cybersecurity (IT security
hands-on experience is a plus)
Strong technical background in IT activities
(including IT production / IT systems expertise)
Curiosity, rigor, and precision.
Outstanding analytical skills
Ability to synthesize
Excellent writing and presentation skills (in
High level of initiative, commitment, and drive
Ability to work effectively under pressure and
within short deadlines
Promotes a constructive, cooperative, and
participative teamwork environment
Qualifications (if required)
Possess a Bachelor’s / Master’s Degree in
Information Technology/ Management Information System / Computer Science and
Not less than 5 years of experience in external
auditing / internal auditing / IT / risk / compliance / internal control /
operations in the financial services industry.
Professional Qualification/Certificate in Audit,
e.g. CISA, CISSP, CISM, CCSP is a plus.
Behavioural Skills: (Please select up to 4
Innovation / Problem solving
Ability to collaborate / Teamwork
Ability to synthetize / simplify
(Please select up to 5 skills)
understand, explain and support change
anticipate business / strategic evolution
inspire others & generate people's commitment
develop and leverage networks
Master Degree or equivalent
At least 5 years
Other/Specific Qualifications (any of these skills
is highly appreciated)
Information Technology – Systems
Operating Systems : Linux/UNIX, Windows
Oracle, SQL Server, NoSQL, MariaDB, MongoDB
Data Analytics: Elasticstack, Kafka, Tableau, Power BI, R,
Python (Panda, Matplotlib, SciKit)
Cloud Technology: AWS, Azure - Containers Kubernetes, Docker
Sailpoint, CyberArk, Oracle Identity Management , Single Sign-On : WEB SSO
Network Security: Strong network knowledge, (routing,
Firewalls), Proxies (WEB, Reverse Proxy),
configuration, Patching, vulnerability scanning (Nexpose, Nessus)
OWASP, WAF, Scanning (Qualys, Rapid7, Tripwire, Fortify)
Testing / ForensicsTools:
Kali Linux (Burpsuite, nmap, zap, dirbuster, metasploit, …)