Assistant Manager / Manager - Security Risk Assessor
Standard / Permanent
PROCUREMENT OR SECURITY OR FACILITIES MANAGEMENT
3rd Party Security Risk Assessor
About BNP Paribas
BNP Paribas (www.bnpparibas.com) has a presence in 80 countries with nearly 200,000 employees, including more than 150,000 in Europe. It ranks highly in its three core activities: Retail Banking, Investment Solutions and Corporate & Investment Banking. In Europe, the Group has four domestic markets (Belgium, France, Italy and Luxembourg) and BNP Paribas Personal Finance is the leader in consumer lending. BNP Paribas is rolling out its integrated retail banking model across Mediterranean basin countries, in Turkey, in Eastern Europe and a large network in the western part of the United States. In its Corporate & Investment Banking and Investment Solutions activities, BNP Paribas also enjoys top positions in Europe, a strong presence in the Americas and solid and fast-growing businesses in Asia-Pacific.
*Rated A+ by Standard & Poor's.
The 3rd Party Security Risk Assessor, will be performing security assessments of vendors, service providers and 3rd party companies that manage systems or information for BNP Paribas.
Review services provided by vendor and define scope of assessment based on SIG / AUP
Perform security assessments or work with 3rd party provider who will be performing the review
Define appropriate risk levels and corrective actions
Report on assessment outcomes, risk level and associated recommendations
Input corrective action plans into system
Follow up on corrective action plans and review evidence for closure
Provide metrics on a regular basis (KPI / KRI)
Periodically reach out to vendors hosting our data regarding current threats to ensure they are taking necessary steps to reduce exposure.
Bachelor of Computer Science degree from an accredited college or university, or equivalent work experience
Minimum 5 years professional work experience, including a minimum of 2 years in an Information Security role or an IT Auditor role
Strong written/verbal communication skills, and organizational and work documentation proficiency
Good communicator with demonstrated ability to pass messages in a clear and concise manner
Ability to adapt to changing priorities, handle multiple assignments, and adhere to strict deadlines
Ability to coordinate actions from several different teams
Experience performing IT audits or IT security risk assessments
CISSP, CISM or CISA certification