About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.
About BNP Paribas Group:
BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability
Commitment to Diversity and Inclusion
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.
About Business line/Function:
For 150 years, BNP Paribas Wealth Management has been committed to protecting clients’ wealth, developing it, and eventually passing it on to their loved ones. We deliver tailor-made experience, with outstanding attention to detail and expertise from precise local knowledge to the global know-how that we access from the Group. Our goal is to create a new wealth management experience fit for a world where digital interactions have come to enhance human ones. Wealth Management Investment Solution Hub (WMIS Hub) provides a global IT solution for BNP Paribas Wealth Management where we develop, maintain and evolve IT applications which fits to the specific needs of BNP Paribas Wealth Management business users.
Job Title:
Cybersecurity Manager
Date:
Department:
Wealth Management
Location:
Chennai
Business Line / Function:
ITRCS
Reports to:
(Direct)
Grade:
(if applicable)
(Functional)
Number of Direct Reports:
16
Directorship / Registration:
NA
Position Purpose
Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the team’s goal.
Main Scope
Role of Wealth Management India IT Risk and Information Systems Security Manager, being understood this role includes delegations from APAC WM CISO for the team located in India territory and fully participates in overall WMIS Cybersecurity and IT Risk objectives.
Participate to IT project security reviews conducted both on a global and APAC basis across all platforms. Participate in the Security Operation meetings in APAC, EMEA & CH regions. This requires the incumbent to foster close working relationships with other business areas and IT Development/Production/CSIRT/Production Security teams.
The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator.
Responsibilities
Direct Responsibilities
WM IT Risk and Security Manager
o Manage the WM IT Risk and Security local team in India by managing the recruitment, performances review as well as training and career-path development.
o Coordinate with APAC WM security actors, including India-based resources.
o Coordinate with APAC WM IT teams on risk and security topics, while promoting a secure development and deployment culture
o Assist for a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process.
o Periodic reporting of security status to WM CISO APAC and WM Global CISO
o Contribute to the IT Risk and Cybersecurity Governance including procedural framework, Cybersecurity awareness and communication.
o Ensure the regular reporting for management follow-up
IT Security Compliance (delegation on WM APAC scope)
o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets.
o Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes.
o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
o Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements
o Ensure the compliance with the Third-party Technology risks and Cloud security.
o Identify the process gaps and provide solutions.
Application Security
o Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.
o Identify and implement the latest security standards for internet facing and internal assets.
o Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA).
Perform Security risk assessments and reviews to be presented to respective committees.
Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider.
Production Security Oversight (delegation on WM APAC scope)
o Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance.
o Identify the compliance level of the production environment and contribute to remediation actions definition while keeping the oversight on actions progress.
o Keep an overview and ensure the adequate Vulnerability Management at the server and middleware level leveraging on production scans and liaising with relevant production stakeholders. Contribute to the management of Cybersecurity incidents.
CyberSecurity Program (delegation on WM APAC scope)
o Contribute to the steering and driving of the security initiatives on the APAC scope expected by the WM Cybersecurity Program.
Contributing Responsibilities
Coordination with IT Security actors
o Reporting line to the WM GAIM Global CISO: alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard…)
o Coordination and control of security activities performed by APAC CIB Business Information Security and Production Security teams, including project assessment from production point of view, production security review, user security awareness for the WM scope.
o Coordination with the Swiss Security team concerning integration of WM assets within Swiss IT production.
o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group.
Technical & Behavioral Competencies
Cybersecurity / Technical Value-added Competencies
ü Cybersecurity Governance: framework (NIST / CIS framework), Security incident management, Logging & Detection (SIEM – ELK products)
ü DevSecOps: CI/CD toolchain knowledge of various tools
o Source code management: sonarQuabe, bibucket, github/gitlab
o Security application scanning (e.g. Sonatype/NexusIQ, Fortify, AppSpider, Qualys, DTR scan…)
o Automation/orchestration: Ansible tower, Jenkins
ü Application Security: Threat modeling, Security architecture key concepts, exposure to various development framework and applicative landscape (Java/Web, Mobile applications, containerization/docker, kubernetes, API management, Cloud security)
ü Vulnerability Management
o Nexpose, Nessus
ü Ethical Hacking Knowledge
o Kali Linux knowledge (metasploit, nmap)
Specific Qualifications (if required)
Qualifications and Experience
ü 10 years' experience in information security evaluation and design of technical architectures
ü Functional as well as technical knowledge of the applications used within BNP Paribas
ü Knowledge of the Norms and Standards of the BNP Paribas Group, in particular with respect to ITRM & Wholesale IT Security Norms and Policies
ü Team management experience is a must
ü Preferred Master level in Computer science and Information Security
Skills Referential
Behavioural Skills: (Please select up to 4 skills)
Communication skills - oral & written
Ability to collaborate / Teamwork
Decision Making
Ability to deliver / Results driven
Transversal Skills: (Please select up to 5 skills)
Ability to set up relevant performance indicators
Ability to develop and adapt a process
Ability to manage a project
Ability to develop others & improve their skills
Ability to manage / facilitate a meeting, seminar, committee, training…
Education Level:
Master Degree or equivalent
Experience Level
At least 10 years
Other/Specific Qualifications (if required)
Other Value-added Competencies
ü Advanced IT security certifications may be advantageous (such as CISM, CCSP, CSK, CEH, CISSP…).
ü Operational Risk and Permanent Control
ü Data Analytics solutions (Tableau, PowerBI) and strong expertise in Dashboard/reporting
