NETWORK SECURITY SPECIALIST
DEPARTMENT ACTIVITY DESCRIPTION
Briefly describe the department's activity
MISSION AND OBJECTIVES
The Information and Communications Technology (ICT) Risk department is part of the Group RISK ORC Functions within BNP Paribas. It is a part of the 2nd Line Of Defence (2LOD) under the Bank’s Chief Cyber & Technology Risk Officer. Among others, the department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions.
This is achieved by delivering:
- Application & Infrastructure Risk Assessments working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks. Tracking issues and agreed actions to completion.
- Horizontal Risk Assessments: Assessing technology risks in relation to a particular theme or technology across the organization. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.
- Vertical Risk Assessments: Assessing risks to a product, service, technology or infrastructure. For instance we may complete a vertical assessment on our remote working solution (including Infrastructure, applications, data, threats etc.) or our Internet connectivity.
- Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.
- Recurrent analysis of maturity of controls on all entities of the Group.
Independent Technical Testing (ITT) is one of the activities of the Information and Communications Technology Risk department. You will join this team and participate in internal assessments to identify Information and Communications Technology risks, including those linked to Cyber Security, with a BNP Paribas worldwide scope.
JOB DESCRIPTION (Tasks to perform/Responsibilities)
Describe concisely the functions the person will perform
One of the RISK ORC ICT initiatives includes enhancing the network security capability across the Group and establishing a global community to discuss risks, issues and opportunities and to align to the strategic roadmap.
- The Network Security Specialist contributes to The Group’s Network Security and Resiliency strategy and operations whilst protecting the business from ICT Risks and ensuring compliance with regulatory requirements related to the network. This is a senior position for The Group reporting directly to senior leadership of RISK ORC ICT management.
- The Network Security Specialist facilitates strategic and tactical decision making for The Group and business units on the ICT Risk view of Network Security.
- The Network Security Specialist engages with C-suite stakeholders across The Group and business units, internal and external Network Security forums / committees, functional and technical architecture committees for matters of ICT Risk.
- The Network Security Specialist is responsible for working with key individuals throughout the organization and service providers for Networking risk assessment and advising on the risk appetite for both build and run of Network Architectures.
- Manage known or emerging security and IT risks for Networks by initiating or influencing the development of new security architectures and compliance with architectural principles and objectives.
- The Network Security Specialist is responsible for establishing the minimum baseline IT security and resiliency controls required for The Group’s and business units’ Network environments and ensuring governance for compliance with these controls, while continuously seeking to improve the organization’s maturity of Network Security.
- The Network Security Specialist reviews, challenges and contributes to The Group’s Network Security policies, setting procedures and guidelines to ensure that all Network components are secure and safeguarded throughout The Group and business units and are in compliance with regulations, privacy, customer trust and information security laws and regulations applicable to The Group.
- The Network Security Specialist is responsible for reporting to and alerting The Group’s management on the status of the Network Security Risk to which The Group and business units are exposed.
- The Network Security Specialist contributes to the development and growth of the risk culture within The Group for Network Architectures.
- Build global community to discuss issues, risks and align to standardised processes and toolsets.
- Build and manage global community / cross-functional teams to discuss issues, risks, opportunities and align to standardised processes, toolsets as well as building on existing recruiting capabilities to address new needs and skills gaps.
REQUIRED TRAINING (knowledge, specialised training)
TRAINING AND OCCUPATIONAL EXPERIENCE
• At least 10 years’ experience in IT security with focus on strategic networking projects, build and review of network architecture, compliance and risk management.
• Leadership experience in a Networking and Security environment, preferably in the financial services industry.
• Demonstrable leadership experience building cross-organisational consensus with exposure to technology providers and/or business clients.
• Solid experience in functional, technical and security architectures and network reference models.
• Experienced network security technologist with hands-on experience in LANs, MANs and WANs, both wired and wireless, and the design of datacentre networks including service, storage and operations networks.
• Experience of working with CROs and CIOs; must be able to interface and coordinate work efficiently and effectively with business and technology partners.
• Must be able to articulate and document design and implementation approaches for secure network architectures.
• Detailed knowledge of the sustainable and risk-based network security controls required for a financial institution.
• Detailed knowledge of network delivery, security and deployment models for on premise, hybrid, distributed and cloud networks.
• Working knowledge of security standards including NIST, CIS and ISO.
• Working knowledge of network security compliance with key regulations and standards including General Data Protection Regulation (GDPR) and PCI-DSS.
• Experience in network segregation / segmentation, including traditional methods such as VLANs and emerging solutions such as micro-segmentation.
• Experience with Software Defined Networks (SDN) and Software Defined WAN (SD-WAN).
• Experience in Security Technologies like Security Information and Event Management (SIEM), Public Key Infrastructure (PKI), Firewalls, Intrusion Detection / Prevention, Anti Malware, Email Security, Web Content Filtering, DDoS Protection, Mobile Device Security, Endpoint Detection & Response, Patch Management, Deceptive Technologies, Data Loss Protection, Cloud Access Security Broker (CASB), Application Security and Identity and Access Management.
• Good understanding of financial applications including interdependencies, conflict of interest and organisational responsibilities.
• Strong risk mind-set with understanding of applicable Technology Risk and Business Continuity regulatory requirements in financial services sector.
PERSONAL PROFILE / COMPETENCIES
Attitudes necessary for performing the role
SKILLS AND BEHAVIOURS
• Excellent communication and influencing skills, including ability to articulate complex issues and incorporate feedback.
• Good team player, strong stakeholder management, relationship building, influencing, facilitating and presenting skills.
• Role model, promotion of a culture of good conduct and contribution to maintaining such a culture.
• Proactivity, transparency and clear accountability for the determination and management of behavior risks.
• Consistently develop and leverage the teamwork between peers, management and stakeholders.
• Good listening and analytical skills including:
o Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
o Ability to express views clearly and fluently, both orally and in writing.
o Considers the audience, avoiding technical jargon wherever necessary and appropriate.
• A passion for technology and security safeguarding with a desire to deliver the best.
• Has the proven ability to build and manage technical and management teams and adapt to changing technology environments.
• Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements.
• Candidates should be able to apply a consulting approach.
• Excellent ability to understand how and why processes and solutions are designed to deliver specific outcomes.
• Is self-aware, anticipates problems, adapts and meets them head on.
ESSENTIAL SPECIFIC REQUIREMENTS
• Professional qualifications relevant to Network and IT Security (such as a university degree, CCNA, CISSP, CISA, CISM, CRISC, etc.)