General Information

Code
1234567890100112784
Country
India
Region
Karnataka
City
Bangalore
Contract type
Permanent
Job family
F06 - INFORMATION TECHNOLOGY

Description

Job Title: Cloud Cyber Risk Analyst & Third-Party Risk Manager

Department: ITG CDF

About Business line/Function: ITG CDF – CISO BUREAU is a unit which makes sure that the CISO's key objectives are in line with Group strategy.

Position Purpose: The Group Cloud Chief Information Security Officer (CISO) team is responsible for the cybersecurity and resilience of all assets in clouds across the BNP Paribas group. The scope covers all cloud offerings (IaaS, PaaS, SaaS), including third party software deployed on all cloud providers (IBM Cloud, Microsoft Azure, Amazon Web Services, Google Cloud Platform…).

The Cloud Cyber Risk analyst & Third-Party risk manager will be actively involved in the 2 main missions of the Cloud CISO team:

1.             Cloud security perimeter through Software as a Service (SaaS) & Third-Party usages.

2.             Cyber risk assessments support for the Cloud Maturity Assurance Team (CMAT)/Task Force topics.

Her/His role will be to analyse, study, follow up, provide a critical eye and be a source of proposals on cloud cybersecurity and Software Third Party (SaaS) usage. She/he will therefore need to be highly skilled in cybersecurity, ideally cloud security.

For this purpose, she/he will work in close collaboration with the Cloud CISO team based in Paris and with an IT Risk Analyst based in Portugal.

She/He will, as well, provide help on the cloud risk cartography to the IT Risk Analyst - Cloud in Portugal when necessary.

Responsibilities

Direct Responsibilities

·         Cloud security perimeter through Software as a Service (SaaS) & Third-Party usages:

o    Active participation in (cloud) third party onboarding studies (risk assessment, review of case studies, …)

o    Active participation in governance/organization topics on third party cases

o    Active participation in ensuring third party cybersecurity governance is in place, and follow-up of third party cybersecurity governance in the run

o    Contribution to the committees on the studied cases

·         Cyber Risk assessments support for the Cloud Maturity Assurance Team (CMAT)/Task Force topics

o    Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and the impact of remediation plan progress on risks.

o    Skills to follow up/challenge remediation plans implemented by service providers or entities.

o    Contribute actively to risk assessments of cloud platforms and cloud applications.

·         Other activities

o    Contribute to maintaining cloud cybersecurity risk in tools when necessary; Myaccess: rights management

o    Contribute to governance/organization topics related to the team

Technical & Behavioral Competencies

·                     Good understanding of organizations and IT Businesses

·                     Good technical understanding of infrastructures and IT Security Productions and Systems

·                     IT risk / Third Party risk analysis and management methods; should have worked with Risk Management Tools like ServiceNow, etc.

·                     Knowledge of Cyber Resilience, IT continuity and business continuity

·                     GRC - Governance, Risk Management and Compliance Management.

·                     IT Internal auditing assessments.

·                     Secure access control mechanisms; Encryption and Key management techniques

Functional Skills

·         Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation.

·         Experience in the Finance & IT industry with strong exposure to IT Operations, Application Security, and/or network administration, IPS

·         Strong demonstrated knowledge of Risk & Compliance, cybersecurity, cyber risk, cyber threats, Third Party Technology Risk Management/ Vendor assessments

·         Risk knowledge and awareness of risks combined with enthusiasm and a genuine interest in the role of Risk Assessment, Third Party Technology Risk Assessment, Risk Analysis in business and providing Risk Opinion as a subject matter expert. 

·         Working knowledge of global regulations, frameworks and standards (ISO, NIST, COBIT, PCI-DSS, HIPAA) and conversant in the tactics, techniques and procedures used by Risk adversaries.

·         Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. 

·         IT knowledge

·         Technical Skills

·         Know the norms and standards in IT security (ISO 27001, ISO 27005, ISO 31000)

·         Know cybersecurity repositories, norms and standards, IS and network architectures

·         Know how to assess a level of risk such as cyber security or IT resilience

Behavioral Skills

·         Strong Communication, Analytical and problem-solving skills.

·         Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills

·         Good documentation and reporting skills

·         Ability to work independently

·         Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back-office users

·         Good communication, technical writing/diagramming skills

·         Attention to detail and accuracy

·         Capacity for creativity and innovation

·         Self-discipline

Specific Qualifications:

·         Minimum of 5 years of experience in cybersecurity (certification ISO 27001 Lead Implementer or Auditor appreciated). IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.

·         IT Auditing (ISO27001/2, NIST 800 Series, ISO27005, ISO42001)

·         Knowledge of cloud-specific Cyber Security appreciated (such as SOC2, CSA, ISO27017)

·         Regulatory Compliance

·         Specific Professional certifications like CISM, CRISC, CGEIT, CISSP, CISA.

Skills Referential (Required knowledge, skills and abilities)

Technical Skills:

·         Communication skills - oral & written

Transversal Skills: 

·         Analytical Ability

·         Ability to manage a project

·         Ability to understand, explain and support change

·         Ability to develop and adapt a process 

·         Ability to anticipate business / strategic evolution

Education Level: Bachelor’s Degree or Equivalent with at least 5 years of Experience.

Location: Bangalore

 

 

About BNP Paribas Group:

BNP Paribas is the European Union’s leading bank and a key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.

 

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, the European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees to provide support and develop best-in-class solutions.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.