This Position will be based in Geneva.
YOUR TEAM
Swiss CISO Office, supervised by Swiss Territory CISO, defines and promotes Cyber Security and IT Risk Governance within BNP Paribas in Switzerland.
The team is composed of security professionals with diverse expertise to ensure comprehensive coverage of the organization's information security needs. Quality and excellence are at the core of our values. The team collaborates closely with different departments within IT, but also with legal, compliance, DPO, CDO and various business unit. Therefore, effective communication is crucial, as the team must convey complex security concepts and risks to technical and non-technical stakeholders.
As the head of the BNP Paribas Cyber Defense in Switzerland you will be part of Swiss CISO Office and you will manage the team of security analysts, responsible for Business CSIRT and offensive security activities. In addition, you will manage the team of DLP analysts.
You will ensure the organization of day-to-day Business CSIRT operations to have continuous service according to Group CSIRT target operating model.
Data Protection, being the core of Swiss regulator values, incidents and investigations will have a strong focus on data protection.
YOUR WORK DAY
As a manager of the team, you will have the following responsibilities:
Readiness of CSIRT team
- Ensure readiness of CSIRT, the CISO Office and other relevant IT and Business partners through:
- Developing the procedures, runbooks, required to ensure readiness
- Exercising the teams and processes through table-top sessions, trainings or crisis exercises
- Developing local Cyber Threat Intelligence
- Perform a security watch on different channels for the BNP Paribas Group, observe the development of threats and prepare reports:
- Carrying out daily monitoring of Group, NCSC CTI material, as well as public information
- Analyzing and summarizing specific cyber threats, detecting and issuing publications on compromised third parties.
- Actively participating in the Group’s Cyber Threat Intelligence community.
- Management of security incidents and contribution to potential crisis units
- Animate and coordinate cyber and data security investigation units or incident cells.
- Conducting security investigations related to all Swiss territory assets. Incidents and investigations have a strong data focus in Switzerland therefore the team will also manage data breaches that are not purely cyber.
- Perform analyses and gather information during security alerts
- As manager of CSIRT team, you will be responsible of managing cyber crises and report to CISO and other relevant stakeholders
- Coordinate different teams responding to IT security incidents
- Ensure notification of incidents to the local regulators are sent within delays
- Draw lessons from past events and observations to continuously improve the security
Cyberdefense
Your team will be responsible for:
- Organization of local testing exercises, such as pentests
- Oversight of pentest roadmap carried out by service providers
- Perform local tests or retest of critical infrastructure
- Have a clear understanding of vulnerabilities and ensure appropriate priorisation of their mitigation
Working closely with central CSIRT teams to align practices and ensure monitoring of outsourced activities within the scope of Cyber defense
YOUR PROFILE & SKILLS
- Professional Skills:
- Business/IT Relationship (Beginner)
- IT Risk and Cyber Security (Expert)
- Architecture (Beginner)
- IT Infrastructure (Proficient)
- IT Knowledge (Proficient)
- Interpersonal Skills:
- Ability to develop others & improve their skills (Proficient)
- Ability to develop and adapt a process (Proficient)
- Analytical Ability (Proficient)
- Ability to understand, explain and support change (Proficient)
- Ability to develop and leverage networks (Proficient)
- Good communication, organizational and people skills and the ability to work across functional groups.
- Ability to collaborate/Teamwork (Proficient)
- Ability to share/pass on knowledge (Proficient)
- Exemplary attitude and good interpersonal relations
- Languages:
- French: fluent
- English (Operational)
- Desired experience and education:
- 10+ years experience in several fields of IT Security
- 5+ years experience in a similar position
- Certifications in Cyber Security is a plus
- Technically savvy with several domains of IT
- Good understanding of the swiss banking regulation
WHY JOIN US?
BNP Paribas in Switzerland is a bank of reference active in Geneva, Zurich and Lugano. It is a major European partner for companies, as well as institutional and private clients. Joining BNP Paribas will give you the opportunity to take part in an authentic company project, in which innovation and career management act as driving forces to help talents emerge, express themselves fully and open up to career opportunities on an international level, by integrating a group that stands as a leader within the Eurozone. Please visit us at BNP Paribas Suisse.
In a changing world, diversity, equity and inclusion are key values for the well-being and the good performance of teams. At BNP Paribas, we wish to welcome and retain all talents, without any distinction: together we will build the finance of tomorrow, innovative, responsible and sustainable.
Finally, we insist on the particular importance of having our employees act daily in a spirit of ethical and professional responsibility.
NB: all terminologies apply in both the feminine and the masculine.
