About BNP Paribas Group:
“BNP Paribas Group is a leading European bank with a strong global footprint across 72 markets and more than 202,000 employees. The Group provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships”.
About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a leading bank in Europe with an international reach. With delivery centers located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner various business lines of BNP Paribas such as Corporate and Institutional Banking, Wealth Management, Retail Banking through three verticals - Information Technology, Operations and Finance Shared Services.
About Businessline/Function :
CIB Security & IT Risk provides information security services for the BNP Paribas Group. The IT Security Professional role is based in Mumbai and will work as part of a global team covering security risks and associated activities in multiple locations across EMEA, AMER & APAC.
Information Security Professional
4 June 2019
CIB Security & IT RISK
Business Line / Function:
Number of Direct Reports:
Directorship / Registration:
The purpose of the position is to help with the information security topics mentioned in the direct responsibilities.
- Good Understanding of Information Security Concepts and Strategies.
- Ability to liaise with cross functional stakeholders globally.
- Knowledge of Data Classification and Data Masking Techniques and Mitigation Strategies.
- Working knowledge of Data Security tools like Delphix, DLP, Titus, AbInitio, Archer, etc.
- Well-verse in conducting Security Review, Assessments and providing recommendations.
- Experience in developing content and conducting Security awareness training.
- Experience in Process Improvement, Controls Enhancement and Reporting.
- Good understanding of data protection regulations and impact on IT landscape
- Providing advice and guidance to the Technology stakeholders on risk and control matters
- Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate.
- Providing independent expert advice to the IT areas on application & data risk issues.
· Engaging with Firm wide risk and control groups, including internal audit and territory control teams
· Working with Technology stakeholders (including Production Support and Development teams) to identify the top technology IT risks impacting the firm and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls.
· Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans.
· Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate.
· Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members.
· Contribute relevant information technology risk information as required by group reporting.
· Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders.
· SPOC for security architectures meetings.
Technical & Behavioral Competencies
- Excellent Inter personal and presentation skills
- Strong project and resource management
- Strong in verbal and written communication
- Clear understanding of application and data security
- Security understanding or experience in cryptography, key management, ciphers
- Must be flexible, independent, self-motivated
- Good analytical skills
Specific Qualifications (if required)
- CISSP or CISM or CRISC mandatory
- Technical Graduate (Computer Science) Preferable.
collaborate / Teamwork
Communication skills - oral &
Ability to deliver / Results
manage a project
develop others & improve their skills
manage / facilitate a meeting, seminar, committee, training…
Choose an item.
Bachelor Degree or equivalent
At least 7 years
Other/Specific Qualifications (if required)