General Information
Description
Job Title: IT RISK ANALYST (ODC providers)
Department: ITG CDF
About Business line/Function: ITG CDF – CISO BUREAU is a unit which makes sure that CISO key objectives are in line with Group strategy.
Position Purpose: The Group ODC Chief Information Security Officer (CISO) team is the referent team in terms of security for all activities/services performed by an ODC service provider. These services have the particularity of being carried out on the partner’s premises. These premises are called Outsourcing Delivery Centres (ODCs).
However, it is important to differentiate Group ODCs from local ODCs. An ODC is a “Group ODC” only if it meets different criteria defined by the IT Sourcing teams (e.g., two sponsoring businesses, application of the Enterprise Contract (EC) …). The “Group ODC CISO” is responsible only for the so-called “Group” ODCs. “Local ODCs” are managed, on security aspects, by Business CISOs.
Responsibilities
Direct Responsibilities
· Apply and follow the cybersecurity strategy for Group ODC Platforms
o Apply and follow the strategy to ensure the appropriate protection of ODCs against cyber risks.
· Monitor Cybersecurity metrics
o Ensure that security controls and metrics are produced and reviewed periodically with our partners and are still appropriate to the evolution of cyber threats.
o Define Control Plans.
o Perform audits of service providers to validate compliance of:
§ Procedures performed.
§ Measures and remediations implemented by service providers.
· Ensure appropriate level of Detection & Incident Management and remedy it:
o Ensure that alerts and incidents management procedures are properly applied for all providers and reported to the Group CSIRT
o In case of a security incident, in liaison with ITGP - Production Security, CSIRT and/or Business CISOs, ensure that:
§ business-critical services are recovered.
§ incident remediation plans are properly set up & followed up.
§ root cause analysis has been performed and improvement plans (if any) are identified.
o Analysis of the possibilities to prevent the same incident from happening again.
· Run activities and derogations according to defined procedures and group policies:
o Perform the run activities on the derogation’s platforms, examples:
§ Iwav: URL derogation
§ Myaccess: rights management
§ Mobisubscribe: network access
· Ensure the processes for the project are followed for the assessments.
Contributing Responsibilities
Technical & Behavioral Competencies
· Good understanding of organizations and IT Businesses
· Good technical understanding of infrastructures and IT Security Productions and Systems
· IT risk / Third Party risk analysis and management methods; should have worked on risk management tools like ServiceNow, etc.
· Knowledge of Cyber Resilience, IT continuity and business continuity
· GRC - Governance, Risk Management and Compliance Management.
· IT Internal auditing assessments.
· Secure access control mechanisms; encryption and key management techniques
Functional Skills
· Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation.
· Experience in the Finance & IT industry with strong exposure to IT Operations, Application Security, and/or network administration, IPS
· Strong demonstrated knowledge of Risk & Compliance, cybersecurity, cyber risk, cyber threats, Third Party Technology Risk Management/ Vendor assessments
· Risk knowledge and awareness of risks combined with enthusiasm and a genuine interest in the role of Risk Assessment, Third Party Technology Risk Assessment, Risk Analysis in business and providing Risk Opinion as a subject matter expert.
· Working knowledge of global regulations, frameworks and standards (ISO, NIST, COBIT, PCI-DSS, HIPAA) and conversant in the tactics, techniques and procedures used by Risk adversaries.
· Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
· IT knowledge
Behavioral Skills
• Strong Communication, Analytical and problem-solving skills.
• Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills
• Good documentation and reporting skills
• Ability to work independently
• Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back-office users
• Good communication, technical writing/diagramming skills
• Attention to detail and accuracy
• Capacity for creativity and innovation
• Self-discipline
Specific Qualifications:
· One or more industry-recognized Information Security certifications such as CISSP, CISA, GCCC, CISM, CEH, CRISC, OSCP or Security+.
· IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.
· IT Auditing (ISO27001/2, NIST 800 Series, ISO27005, ISO42001)
· Regulatory Compliance
Skills Referential (Required knowledge, skills and abilities)
Technical Skills:
· Communication skills - oral & written
Transversal Skills:
· Analytical Ability
· Ability to manage a project
· Ability to understand, explain and support change
· Ability to develop and adapt a process
· Ability to anticipate business / strategic evolution
Education Level: Bachelor’s Degree or Equivalent with at least 7-10 years of Experience.
Location: Bangalore
About BNP Paribas Group:
BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.
About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.
Commitment to Diversity and Inclusion
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.