VP - India IT Security
About BNP Paribas Group:
Worldwide, BNP Paribas has a presence in 74 countries with more than 190,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 15,000 employees* and a presence in 14 markets, it provides clients with product and service solutions tailored to their specific needs, and continues to develop its franchise in the region.
About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a leading bank in Europe with an international reach. With delivery centers located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner various business lines of BNP Paribas such as Corporate and Institutional Banking, Wealth Management, Retail Banking through three verticals - Information Technology, Operations and Finance Shared Services.
About Businessline/Function :
· As VP of INDIA IT SECURITY will report to the Head of Information Security for India and based in ISPL. This position is to ensure the compliance of India Territory with the Global & Regional Security policies
· Compliance with regulatory requirements. This extends to the coordination and active participation to the various audits of entire ISPL, India branch & other entities, including but not limited to those from internal, external and regulatory bodies.
· Proactively monitor and assess the IT infrastructure/applications of the bank to ensure that the CIAT of IT systems maintained.
· Risk management and participation to project review conducted on a global and local basis across all of the company platforms
· Foster close working relationships with other business areas and IT Development/Production teams.
VP – India IT Security
May 8, 2019
Business Line / Function:
Head, Information Security
Number of Direct Reports:
Directorship / Registration:
In their area, the VP – INDIA IT SECURITY performs the missions described above, if necessary coordinating their teams to achieve the set objectives.
1. Take part in defining the Global Security strategy
· Provides their business expertise to give themes for reflection in order to help to define the Global Security strategy
· Validates the GGS strategic guidelines
2. Perform management of Global Security for their area
· Is responsible for the deployment of security policies
· Helps to integrate security aspects in the processes of their entity/entities from end to end
· Takes part in crisis management units when requested
· Helps to manage security incidents & CSIRT
· Performs functional reporting
3. Manage implementation for Global Security in their area of responsibility
· Is responsible for the transposition of security policy
· Coordinates and leads security stakeholders
· Is responsible for analysis and assessment of security risks and their impacts, and for implementing the relevant measures
· Is responsible for keeping an up-to-date map of security risks
· Ensures that security matters are addressed in the processes of their entity from end to end (designing action plans, monitoring major projects, helping to integrate security aspects in key processes, etc.)
· Is responsible for intelligence and alerts
· Monitors & closes IG recommendations related to security well before the due dates
· Monitors and manages security-related nonconformities
· Manages security incidents
· Sets up/initiates a crisis management unit in the event of a major security incident
· Tests/checks regularly the robustness and efficiency of the security system
· Monitors the reporting
4. Assist their various contacts (all the employees in their area, security stakeholders, Entity managers, etc.)
· Provides security expertise for the business unit and functional managers in their area
· Supports and assists the security stakeholders of their area
· Is responsible for building security awareness among all the employees in their area
· Defines a training plan for the Security stakeholders of their area, based on the Global Security training courses
1. Governance, strategy and planning
a. To co-prepare presentations for the India quarterly Executive Management committee, and represent India Branch at any territory or regional/global committees.
b. To maintain the overall resource plan for his/her area.
c. To produce management metrics for the purpose of control and decision making
2. Cooperation & contribution
d. To actively coordinate and cooperate with other IT and IT Security teams (local, global and regional) to ensure best IT Security practices and deliveries and a smooth interaction.
e. To promote information systems security at the Bank's acceptable risk level. f
f. To participate to internal and external audits, and in liaison with regulatory and market bodies, including drills mandated by regulatory bodies.
g. To contribute to IT quality and process improvement generally.
h. To ensure that information system designers, operators, and users are directly concerned with the information system's inherent risks.
i. To maintain accurate and up-to-date information in the global IT Security informative tool
3. Risk Management
a. To work in partnership with the Business Lines, Organization & Methods, Information Systems, and others to draw up measures for implementing the Bank's Information Systems Security Directives. Especially to participate to all projects in order to ensure respect of good IT Security practices.
b. To be fully part of the network rules approval process, by reviewing and approving all EACB requests (including firewall, proxy and SMTP requests)
c. To ensure immediate and accurate reporting of any IT Security related incident (intrusion, virus, etc.) to the global IT Security process.
j. To answer to the various requests and inquiries.
4. Controls & Procedures
a. To participate to any regular security review necessary to ensure a control of the risk level on the scope of the country.
b. To ensure that work is conducted adhering to compliance (including firewall), data protection (customer & personal data) and other regulatory requirements.
c. To minimize operational risks and risks of fraud by implementing regular and sufficient controls related to his position.
d. To escalate to his management and/or Operational Risks & Permanent Control any issues identified.
e. To actively participate to IT Security Team Organization Framework including, but not limited to, correct time-tracking booking, timely & accurate recording of activity.
The missions of the VP – INDIA IT SECURITY covers all or part of the three major security activities for their area for India Territory:
1. IT Security
2. Data Protection & Privacy
Technical & Behavioral Competencies
- Extended knowledge of IT Security concepts.
- Experience in the IT industry with a strong background in computer operations, software development, and network administration.
- Good understanding of financial trading and operating environment.
- Must be able to handle customers in a confident, positive and responsive manner.
- Network protocols and network connectivity concepts; Firewall and Internet technologies;
- Secure access control mechanisms; Encryption and Key Management techniques
- To know how to define an action plan and to follow up on progress.
- To be organized and meticulous.
- Good communication, technical writing/diagramming skills.
- Must be motivated, and able to work independently as well as part of a team.
- Must demonstrate ethical responsibility, maturity, and discretion.
Specific Qualifications (if required)
Education / Certifications
- B.E. / B.Tech (or equivalent)
- Certifications like CISSP, CISA, ISO 27001 are good to have
Technical knowledge & Experience required:
- IT Infrastructure
- Application Security
- Data Center Security
- Unix, Linux, Windows Operating Systems
- Sybase, Oracle, MS SQL and other RDBMS
Minimum 15 years of industry experience required
Behavioural Skills: (Please select up to 4 skills)
Ability to deliver / Results driven
Transversal Skills: (Please select up to 5 skills)
Ability to anticipate business / strategic evolution
Ability to manage / facilitate a meeting, seminar, committee, training…
Ability to develop and adapt a process
Ability to manage a project
Ability to develop others & improve their skills
Bachelor Degree or equivalent
At least 15 years
Other/Specific Qualifications (if required)