Job Description

About BNP Paribas Group:

BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.

About Businessline/Function :

The DLP team in ISPL under APAC ITO CCCO organization is responsible for DLP incident management by monitoring Symantec console and performing level 1 investigations and the incidents. In addition, the team releases any outbound email blocked by DLP policy after adequate due diligence. Team also handles the process of granting exceptions on any restrictions implemented to prevent data leakage.

Job Title:

Senior Associate

Date:

Department:

APAC CIB ITO CCCO

Location:

Chennai/Mumbai

Business Line / Function:

CIB IT & Operations

Reports to:

(Direct)

Asst. Vice President - DLP/DPS (India IT Security)

Grade:

(if applicable)

(Functional)

Number of Direct Reports:

Directorship / Registration:

NA

Position Purpose

The main actors of data leakage in an organization are internal staff. As such, the purpose of this position is to ensure data leakage incidents (especially by non-perm staff and staff on notice period) are detected and prevented by means of various security tools and processes.

The person in this team will be responsible to help investigations team in further actions on true DLP incidents as well as management reporting.

This position is also responsible for unblocking emails that are blocked by DLP policies by performing necessary due diligence and providing a by-pass code.

Also, this position involves blocking of emails and web access for non-perm staff and grant exceptions to few of them based on risk assessments, management approvals, etc. Periodic reviews are performed on these exceptions.

Preparing management presentations periodically or on demand is also one of the activity expected from this team.

Responsibilities

Direct Responsibilities

• Monitor real-time Data Loss Prevention (DLP) alerts.
• Detecting, & handling data leakage incidents and perform additional data analysis to validate security breach.
• Identification of sensitive data and the workflow that evaluates and addresses DLP policy violations
• Unblock legitimate out bound emails blocked by DLP policies
• Manage exception process for non-perm staff whose external email access is blocked by default.
• Continuous improvement of the processes to strengthen the current DLP framework
• Revise and develop processes to strengthen the current DLP Operations
• Prepares operational documentation for operational teams in use of security

solutions

• Handling escalations especially for email blocking and exceptions.
• Train resources on new process and provide regular updates
• Creation of reports, dashboards, metrics for SOC operations and presentation to Senior Management.
• Co-ordination with stakeholders, build and maintain positive working relationships with the various teams.

Contributing Responsibilities

• Present to management the exception requests for their validation and show the % exception granted to non-perm within each entity.
• Contribute to the Permanent Control framework for implementation of policies and procedures in day-to-day business activities, such as Control Plan.
• Comply with regulatory requirements and internal guidelines.
• Contribute to the reporting of all incidents according to the Incident Management System

Participate to Audit interview and provide the require evidences

Technical & Behavioral Competencies

• Knowledge of Data Leakage Prevention concepts, rules and process execution
• Proficient in Incident Management and Response
• Ability to handle high pressure situations with key stakeholders to collaborate and communicate effectively and respectfully with both business-oriented executives and technology-oriented personnel in teams across the organization.
• Hands-on Experience in using Data Loss Prevention (DLP) products like Intel Security (McAfee), RSA, Symantec, Trend Micro etc.
• Create, filter, summarize, customize, and distribute reports.
• Knowledge on investigating incidents, remediation, tracking and follow-up for incident closure with concerned teams, stakeholders.
• Technical knowledge on security tools will be added advantage (Anti-virus/malware, IDS/ISP, Firewalls, proxies, vulnerability, etc) and infrastructure (Network, OS, Databases)

Specific Qualifications (if required)

• 2 - 5 years of Experience required.
• BE-IT / B Tech / BSc IT
• Added advantage to have product certifications like Symantec or McAfee Data Loss Prevention (DLP) or any other relevant certifications.
• Good to have understanding on network and endpoint security devices like Firewall, IPS, Web Application Firewall (WAF), Vulnerability Scanning, Antivirus, Endpoint Encryption etc.
• Advantage to have certifications like Certified Ethical Hacking (CEH), Offensive Security Certified Professional (OSCP), Certified Information Security Manager (CISM) or equivalent

Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Ability to collaborate / Teamwork

Decision Making

Critical thinking

Communication skills - oral & written

Transversal Skills: (Please select up to 5 skills)

Ability to understand, explain and support change

Ability to develop and adapt a process

Ability to manage a project

Analytical Ability

Choose an item.

Education Level:

Bachelor Degree or equivalent

Experience Level

At least 3 years

Other/Specific Qualifications (if required)

Any Cybersecurity or IAM

certification will be an advantage

Qualifications

NA