
Job Description

About BNP Paribas Group:



BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.


About BNP Paribas India Solutions:



Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.



About Business Line/Function:



At the Group level, the RISK ORM Independent Testing is in charge of supporting BNP Paribas Entities and Group Functions through RISK procedures and RISK ORM organizational framework and governance for operational risk management and a permanent control framework.

The RISK ORM - Independent Testing activities are carried out using a risk-based approach and may be conducted periodically at group or entity level, with continuous review and assessment as required. The frequency of testing may increase, for certain topics, where environments are subject to continued change due to mergers and acquisitions or improvements in IT and Business processes.

The Independent Testing activities aim to validate whether the risk mitigation framework operates as expected by verifying standards, policies and practices. Independent technical testing contributes to the residual risk determination process by validating the implementation of the required controls.



Job Title: Senior Associate

Date:

Department: RISK

Location: Mumbai

Business Line / Function: Group RISK ORM

Reports to (Direct): HOD - Risk ORC ICT

Reports to (Functional): Onshore HOD

Grade (if applicable): NA

Number of Direct Reports: NA

Directorship / Registration: NA




Position Purpose



As part of the Group RISK ORM Independent Testing team, the overall purpose of this position is to coordinate and execute ICT risk assessments across the Group in accordance with Group RISK ORM ICT standards and policies, and to work in collaboration with stakeholders from the business and other RISK ORM teams to help influence the ICT risk culture and report the risk status to the board.

  • Scope: Group/Global


Responsibilities



  • Execute Information/Cyber Risk reviews within given timelines and to the expected quality.
  • Contribute to the development and implementation of a comprehensive assessment methodology and the tooling associated to deliver consistent reports.
  • Contribute towards formulation of annual RISK ORM independent testing review plan.
  • Perform Information/Cyber Security control testing and articulate the findings.
  • Interact with stakeholders of middle to senior level of management.
  • Document and report results of investigation by ensuring the quality, relevance and traceability of the weaknesses identified.
  • Validate the allocated Permanent Control Actions from the previous reviews within the timelines and with expected quality (i.e. validation of remediation performed by the management).
  • Participate in and recommend process enhancements to improve the team's operations.
  • Periodically share knowledge with the team about latest trends in Cyber or Information Risk areas.
  • Permanent Control Aspects

Direct contribution to BNPP operational permanent control framework.

  • Contribute to the implementation of operational permanent control policies and procedures in day-to-day business activities, such as Control Plan
  • Comply with regulatory requirements and internal guidelines
  • Contribute to the reporting of all incidents according to the Incident Management System
  • Ensure audit recommendations are resolved within the specific timeline.


Technical & Behavioral Competencies



Essential


  • Demonstrated passion towards uncovering control weaknesses in processes and technology.
  • Results-oriented and strong teammate with excellent analytical, problem solving skills. Outstanding presentation, written and verbal communication skills.
  • Knowledge of compliance standards like CIS, NIST and GDPR, with high-level knowledge of secure development practices and standards such as OWASP.
  • Proficiency in concepts related to network infrastructures and information system security, including emerging threats and attack methodologies, in particular:
    • Network security, network equipment configuration, network protocols, network standards, supervision, "Conceptual Skills," "Decision Making," "Informing Others," functional and technical expertise, reliability, information security policy.
    • Recognized skills for the integration of different security or data protection technologies within a coherent architecture to effectively cover the risks of the company.
    • Mastery of technical testing tools and script development
    • Experience of pen-testing (network, application, system...) will be a plus
      • Good technical understanding of security technologies, including intrusion detection/prevention, correlation of events, firewall, antivirus, anti-spam, policy tightening, patch management and configuration management, audit, security development technique, etc.
      • Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI).
      • Good understanding of native platforms or common applications such as (non-exhaustive list): UNIX, Linux, Windows, Android, iOS, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications...
      • Knowledge of IT controls

Specific Qualifications (if required)



  • One or more industry-recognized information security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
  • Mastery of delivering formal deliverables such as PowerPoint presentations, reports or procedures (Level: Proficient)
  • Demonstrated ability to communicate effectively and to present in a structured approach (Level: Proficient)
  • Mastery of MS Office skills (Level: Expert)
  • Basic to intermediate data analysis skills using SQL, Python, Excel or VBA


Skills Referential



Behavioural Skills: (Please select up to 4 skills)



Attention to detail/rigor



Communication skills - oral & written



Ability to synthesize/results driven



Critical Thinking



Transversal Skills: (Please select up to 5 skills)



Ability to manage / facilitate a meeting, seminar, committee, training



Ability to set up relevant performance indicators



Ability to inspire others & generate people’s commitment


Ability to manage a project



Analytical Ability



Education Level:

Bachelor Degree or equivalent



Experience Level


At least 5 years



Other/Specific Qualifications (if required)



Shift Requirements: Day




Primary Location: IN-MH-Mumbai

Job Type: Standard / Permanent

Job: RISKS

Education Level: Bachelor Degree or equivalent (>= 3 years)

Experience Level: At least 5 years

Schedule: Full-time

Deadline: 20-06-2024
