The bank for a changing world

We are looking for

IT Security - Assistant Manager


Standard / Permanent





REF: BNP016895

Job Purpose

The IT Security Manager’s responsibility is to ensure the compliance of India with the Global & Regional Security policies, as well as compliance with regulatory requirements. This extends to coordinating and actively participating in the various audits of the India branch/other entities, including but not limited to those from internal, external and regulatory bodies.
Proactively monitors and assesses the IT infrastructure/applications of the company to ensure that the availability, integrity and security of IT systems are maintained. Risk management and participation in project reviews are conducted on a global and local basis across all of the company platforms. The role also requires the incumbent to foster close working relationships with other business areas and IT Development/Production teams.
The position is based in India Solutions Pvt. Ltd. (ISPL), Mumbai and reports to the Head of IT Security, ISPL.


The missions of the IT SECURITY MANAGER cover all or part of the three major security activities for his or her area:
  1. Data Security
  2. Information Systems (IT) security
  3. Cybersecurity

The missions of the IT SECURITY MANAGER extend to the India territory (with a few minor exceptions), in accordance with the policy defined by the BNP Paribas Group:
  1. Take part in implementing the Global Security strategy
  2. Perform management of Global Security for India Territory
  3. Perform Stakeholder Management of all key departments/entities

Key Responsibilities

  1. Analyze systems, protocols, interactions, and data to identify and respond to active security threats in the environment.
  2. Collect, analyze, and report on malicious software and phishing messages targeting internal assets to understand the capabilities and indicators of compromise.
  3. Create and improve upon existing response, triage, containment, and recovery processes.
  4. Continually monitor for policy violations or incidents and actively participate in remediation
  5. Prepare documentation for technical controls and processes associated with information security solutions
  6. Work closely with other technology personnel to ensure the security of the environment and remediation of security events
  7. Provide written explanations of approach and analysis in plain language that supports the conclusions and observations
  8. Perform IT Security Awareness and Trainings
  9. Make presentations to top management whenever required
  10. Be a Team Player and manage a team of IT Security professionals

  1. Perform regular IT Security reviews of all IT assets
  2. Work on IT Security analysis and exceptions on a case-by-case basis
  3. Assist end-to-end in Internal Audits, Regulatory Audits, External Audits
  4. Engage in Cyber Drills, Red Team exercises
  5. Support in the execution of Internal Risk Controls
  6. Lead Firewall Rule reviews
  7. Engage in Cybersecurity projects, Application Security Reviews, etc.
  8. Perform annual onsite IT Security reviews at 3rd party service providers
  9. Conduct IT Security reviews of Data Centers, Bank Branches, Workstations
  10. Prepare PowerPoint presentations of Key Risk Indicators to management
  11. Perform Project Risk Assessments, risk assessments on Emerging Technologies such as RPA
  12. Conduct investigations using Forensics tools for all IT Security Incidents
  13. Write Standard Operating Procedures in a structured format
  14. Follow up on closure of findings/observations from Secure Code Reviews & Penetration Testing
  15. Follow up with IT Teams on Patching, Anti-Virus Updates, removal of non-standard assets, asset hardening, etc.
  16. Perform User Access Management such as removal of Toxic Access Combinations and removal of elevated privileges

Experience Required

  1. Extended knowledge of end-to-end IT Security concepts
  2. Good communication, technical writing/diagramming skills.
  3. People Management skills
  4. Experience in the IT industry with a strong exposure to IT Operations, Application Security, SOC/SIEM, and/or network administration, IPS and Business Continuity
  5. Good understanding of financial trading and operating environment
  6. Must be able to handle customers in a confident, positive and responsive manner
  7. Network protocols and network connectivity concepts; Firewall and Internet technologies; Cloud Security; RPA; Banking Tools & Technologies
  8. Secure access control mechanisms; Encryption and Key Management techniques
  9. Must know how to define an action plan and follow up on progress, and be organized and meticulous
  10. Must be motivated, and able to work independently as well as part of a team
  11. Must demonstrate ethical responsibility, maturity, and discretion
  12. Microsoft Office tools such as MS Word, MS Excel, MS PowerPoint, SharePoint


Education / Certifications

  • BSc. / B.E. / B.Tech (ideal)
  • Certifications like CISSP, CISA, ISO 27001 are good to have

Minimum 7 to 10 years of industry experience required in:

  • Unix / Linux; Windows Operating Systems
  • Sybase, Oracle, SQL and other Relational Database Systems
  • Firewalls, IT Security Tools
  • IT Auditing
  • Regulatory Compliance
  • People Management

Primary Location: India
Job Type: Standard / Permanent
Job: PROCUREMENT OR SECURITY OR FACILITIES MANAGEMENT
Education Level: Bachelor Degree or equivalent (>= 3 years)
Experience Level: At least 7 years
Schedule: Full-time