Job Description

INFORMATION SECURITY PROFESSIONAL (JOB NUMBER: CIB007072)



About BNP Paribas Group:


BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region..




About BNP Paribas India Solutions:


Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions. .




About Businessline/Function :


CIB Security & IT Risk provides information security services for the BNP Paribas Group. The IT Security Professional role is based in Mumbai and will work as part of a global team covering security risks and associated activities in multiple locations across EMEA, AMER & APAC.




Job Title:

Information Security Professional

Date:


Department:

CIB Security & IT Risk

Location:

Infinity Mumbai


Business Line / Function:

Reports to: (Direct)


Grade: (if applicable)

(Functional)


Number of Direct Reports:

NA

Directorship / Registration:

NA



Position Purpose


The purpose of the position is to help with the information security topics mentioned in the direct responsibilities.


Responsibilities



Direct Responsibilities

• Strong expertise in application security concepts and activities like Source Code Review (SAST) & Dynamic application vulnerability scanning (DAST).
• Good understanding of Information Security concepts and strategies.
• Knowledge of Secure Development methodologies and frameworks.
• Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity…
• Well-versed in conducting Security Review, Assessments and providing recommendations.
• Knowledge of OWASP, SANS standards.

• Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans.

• Experience in Process Improvement, Controls Enhancement and Reporting.
• Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate.
• Providing independent expert advice to the IT areas on application & data risk issues.

• Engaging with organization wide risk and control groups, including internal audit and territory control teams.

• Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls.

• SPOC for security architecture meetings.

Contributing Responsibilities

• Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate.

• Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members.

• Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders.

Technical & Behavioral Competencies

• Excellent Inter personal and presentation skills

• Strong in verbal and written communication

• Ability to liaise with cross-functional stakeholders globally

• Clear understanding of application and data security

• Must be flexible, independent, self-motivated

• Good analytical skills

Specific Qualifications (if required)

• CEH, SSCP, OSCP certified.

• Technical Graduate (Computer Science) Preferable.

Skills Referential


Behavioural Skills:


Ability to collaborate / Teamwork


Critical thinking


Communication skills - oral & written


Ability to deliver / Results driven


Transversal Skills:


Analytical Ability


Ability to manage a project


Ability to develop others & improve their skills


Ability to manage / facilitate a meeting, seminar, committee, training…


Choose an item.


Education Level:

Bachelor Degree or equivalent


Experience Level

At least 5 years


Other/Specific Qualifications (if required)

Primary Location

: IN-MH-Mumbai

Job Type

: Standard / Permanent

Job

: SECURITY OR FACILITIES MANAGEMENT
Education Level: Bachelor Degree or equivalent (>= 3 years)
Experience Level: At least 5 years

Schedule

: Full-time