The bank for a changing world

We are looking for

VP - Independent Technical Testing

REF: RIS001017

BNP Paribas Overview

BNP Paribas has a presence in 75 countries with more than 185,000 employees, including 145,000 in Europe. It ranks highly in its two core activities: Retail Banking & Services and Corporate & Institutional Banking.

At BNP Paribas, we work continuously on behalf of our clients, helping them to realize their projects around the world. You can be an important part of this, helping us to serve our clients both in mature and emerging markets, providing them with financial solutions across a diverse range of expertise, products and services. Our origins lie in Europe, but nearly a quarter of our employees now work in our multi-award-winning Asia Pacific offices and we are a committed player in all markets.

Strong risk management, combined with the stability that comes from being part of one of the largest banking groups in the world, underpins our success. Joining us, you'll become an integral part of a dynamic team that spans nationalities, cultures and backgrounds, drawing together people from around the globe and reflecting our commitment to international placements.

Department Overview:

The Information and Communications Technology Risk department is part of the Group Risk Functions within BNP Paribas. It is part of the 2nd line of defence under the Bank's Chief Cyber & Technology Risk Officer. Among other things, the department is responsible for identifying key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions. This is achieved by delivering:

  • Application & Infrastructure Risk Assessments: working with the Business and Technology teams to identify security issues in existing and new systems, agree corresponding actions to mitigate or accept risks, and track issues and agreed actions to completion.
  • Horizontal Risk Assessments: assessing technology risks in relation to a particular theme or technology across the organisation. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.
  • Vertical Risk Assessments: assessing risks to a product, service, technology or infrastructure. For instance, we may complete a vertical assessment of our remote working solution (including infrastructure, applications, data, threats, etc.) or our Internet connectivity.
  • Partnership with the Business and Technology teams, helping them understand their technology risk profile and influencing their risk management decisions.
  • Recurrent analysis of the maturity of controls across all entities of the Group.

Key Responsibilities:

Overview

Independent Technical Testing (ITT) is one of the activities of the Information and Communications Technology (ICT) Risk department. BNPP is looking for the Head of the ISPL ITT team, who, together with their team, will help identify and reduce risks to the information system (alignment of strategy with business needs, software development life cycle, IT project management, IT architecture, IT security…) and thus improve the Bank's business as usual. The Group is engaged in an important transformation process, including outsourcing functions and redesigning applications.

Responsibilities:

•      Steer and lead the technical testing activities, such as deep assessments, control inspections and Red Team exercises, carried out by a team currently composed of 4 generalist and technical auditors;

•      Develop methodologies and tools for the achievement of assignments (including the development of the internal technical laboratory);

•      Ensure the steering of the 2nd line of defence activities;

•      Verify the quality, relevance and traceability of the team's assessments and the preparation of assessment reports;

•      Provide IT and Cyber Risk Management advice to business and production teams.


Skills and Experience:

•        Master's degree or equivalent in ICT domains

•        7+ years in security and technology assessments

•        Strong problem-solving, presentation and consulting skills

•        Demonstrated ability to communicate effectively with stakeholders and technical staff

•        Strong experience in project management

•        Excellent written and verbal communication

•        Recognized experience in cyber security (Pen Test, IAM, data protection, resiliency)

•        Customer-oriented vision: the best technical solution is not always aligned with business constraints

•        Excellent understanding of cyber environment fundamentals, cyber risks and cyber threats

•        Excellent understanding of risk management protocols and the concept of the "three lines of defence"

•         Takes the initiative to maintain and enhance their own skill level

•         Experience in the financial sector.

Technical Skills:

Mastery of concepts related to network infrastructures and information system security, including emerging threats and attack methodologies, in particular:

•        Network security, network equipment configuration, network protocols, network standards, supervision, "Conceptual Skills," "Decision Making," "Informing Others," functional and technical expertise, reliability, information security policy.

•        Recognized skills in integrating different security or data protection technologies into a coherent architecture that effectively covers the company's risks.

•        Mastery of technical testing tools.

•        Experience of pen-testing (network, application, system...).

•        Good technical understanding of security technologies, including intrusion detection/prevention, event correlation, firewalls, antivirus, anti-spam, policy hardening, patch management and configuration management, audit, secure development techniques, etc.

•        In-depth understanding of authentication and identification standards such as OAuth, OpenID and SAML.

•        Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI).

•        In-depth understanding of native platforms or common applications such as (non-exhaustive list): UNIX, Linux, Windows, Android, iOS, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications...

•        Knowledge of security issues and associated controls related to hosting or cloud computing services. Knowledge of Amazon Web Services (AWS) is preferred.

•        Knowledge of control frameworks and compliance requirements.

•        Practical experience and knowledge of applications integrated with service-oriented enterprise architectures, supporting a multi-channel approach (Web-based interfaces, mobile, tablet, etc.).

Professional Qualifications:

•      Industry-recognized information security certifications such as CISSP, CISM, CRISC, CEH or Security+.

•      Mastery of delivering formal deliverables such as PowerPoint presentations, reports or procedures

•      Demonstrated ability to communicate effectively and to present in a structured approach

•      Mastery of MS Office skills

•      Good knowledge of the following products will be a plus:

o   Archer Technologies SmartSuite Framework;

o   Tufin Operations Management.

Conduct / Interpersonal Skills:

•      Be a role model, supporting and fostering a culture of good conduct

•      Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks

•      Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.


Primary Location: IN-MH-Mumbai
Job Type: Standard / Permanent
Job: RISKS
Education Level: Other Degrees / Certifications / Vocational, Technical or Professional Qualifications
Experience Level: At least 12 years
Schedule: Full-time
Behavioural competency: Ability to collaborate / Teamwork, Decision Making, Personal Impact / Ability to influence, Attention to detail / rigor, Organizational skills, Adaptability, Resilience, Active listening, Communication skills - oral & written, Client focused, Critical thinking, Ability to synthetize / simplify, Creativity & Innovation / Problem solving, Ability to deliver / Results driven
Transversal competency: Ability to understand, explain and support change, Analytical Ability, Ability to manage a project, Ability to set up relevant performance indicators, Ability to inspire others & generate people's commitment, Ability to develop others & improve their skills, Ability to develop and leverage networks, Ability to anticipate business / strategic evolution