IT Security Officer
Prepare and facilitate the Local IT Security Steering Committee
Produce management metrics for the purpose of control and decision making
Provide recommendations to Management to increase security effectiveness of organization and technology solutions
Training: Set up and conduct induction training for new staff, conduct regular refresher training and awareness to existing staff, monitor completion of all IT security & BCM related mandatory trainings
Cooperation and contribution
To actively coordinate and cooperate with IT or other teams to ensure best IT Security practices and deliveries and a smooth interaction
Contribute to Regional Security Projects & implement them locally when applicable
Work closely with Regional IT Security Coordination team for any IT Security matters and to ensure compliance with Indonesia regulation
A close cooperation with IT Teams is expected in order to ensure enforcement of IT Security rules
Represent Indonesia IT Security in internal and external audits, and in liaison with regulatory
Conduct IT Security quality and process improvement generally
IT Risk Management
Implement the agreed policies and procedures
Ensure immediate and accurate reporting of any Indonesia IT Security related incident (intrusion, virus, etc.) to management.
Maintain an IT Security Awareness training program towards all employees.
Owner of the local Access Control tool, and as such, in charge of its correct operation.
To perform regular security risk assessment for all Applications and infrastructure to align with Security Policy
To perform Third party security review for Essential Service Providers
To ensure that work is conducted adhering to compliance (including firewall), data protection (customer & personal data) and regulatory requirements.
To minimize operational risks and risks of fraud by implementing regular and sufficient controls
To escalate to his management and/or Operational Risks & Permanent Control any issues identified.
CSIRT & Forensic Analysis
Analyzing security logs, monitoring logs, firewall logs and intrusion prevention system logs.
Conduct analyses related to forensic investigations, cybercrimes, and/or cyberattacks as required.
Perform threat management and protection against threats including malware, phishing, hacking and DDoS
Investigation and recommendations to identify gaps from the incident.
Prepare investigation report and KPI indicator on security incidents.
IT Security Production/ Operation
Monitoring security logs, monitoring logs, firewall logs and intrusion prevention system logs.
Security Incident handlings
Conduct a regular security and due diligence check list (application, workstations, Infrastructure).
Monitoring Data Leakage prevention
Communicate and promote local objectives and constraints to BC Correspondents;
Foster sharing of good practices and expertise across BC Correspondents;
Coordinate BC Correspondents to ensure consistency of BC strategies between local activities/business units;
Define and implement recovery solutions consistent with the business needs of local activities/business units;
Define an overall BC testing program and coordinate its execution with BC Correspondents;
Identify and escalate any gap between recovery objectives and business implementation;
Coordinate where applicable the organization of joint tests between BNP Paribas entities;
Conduct semi-annual BC Steering Committees to review status of business continuity plans and progress of implementation of business continuity projects;
Follow up and monitor resolution of BCM-related Audit, General Inspection or regulators' open recommendations assigned to business units within the Bank;
Collect and consolidate the Bank’s scorecards and reporting as required by Management and Regional BCM
Provide all necessary information and reports required by local regulators and supervisory authorities
Monitor local regulatory, supervisory and industry developments which could impact BNP Paribas business continuity practices or standards
Represent BNPP Group with local regulatory authorities and market/industry bodies;
Set up, maintain and exercise BNP Paribas Indonesia crisis management organization;
Coordinate local response to business continuity incidents;
Set up and exercise a country-wide crisis management organization covering all BNP Paribas entities, and develop and maintain corresponding crisis management plan and procedures;
Qualifications and Experience:
At least 5 years of experience in similar role as IT Security or IT Risk, Control and Audit environment. Prior experience in IT Security Risk management would be advantageous
Recommended certification: CISM, ISO27001/2
Other Value-Added Competencies:
Attention to detail
Ability to manage several initiatives/projects and keep these on-track simultaneously
Ability to effectively manage your own time and priorities
Interpersonal skills, ability to consolidate action plans and report progress status
Pragmatic, ‘Can do’ attitude & Proactive approach with a strong ability to work on own initiative
Capable of adapting to a new environment and to work under pressure towards tight deadlines
Excellent oral and written communication
Good interpersonal skills
Big picture awareness