The Information and Communications Technology (ICT) Risk department is part of the Group RISK ORC Functions within BNP Paribas.
It is part of the 2nd Line of Defence (2LOD) under the Bank's Chief Cyber & Technology Risk Officer. Among other responsibilities, the department identifies key technology risks to the Bank and influences business and technology partners to take sound risk management decisions.
This is achieved by delivering:
Application & Infrastructure Risk Assessments: working with the Business and Technology teams to identify security issues in existing and new systems, and agreeing corresponding actions to mitigate or accept risks.
Tracking issues and agreed actions to completion.
Horizontal Risk Assessments: assessing technology risks in relation to a particular theme or technology across the organization. Examples could be assessments of the firewall change process, applications processing more than $5m per day, applications hosted in the cloud, etc.
Vertical Risk Assessments: assessing risks to a product, service, technology or infrastructure. For instance, we may complete a vertical assessment of our remote working solution (including infrastructure, applications, data, threats, etc.) or of our Internet connectivity.
Partnership with the Business and Technology teams, helping them understand their technology risk profile and influencing their risk management decisions.
Recurrent analysis of control maturity across all entities of the Group.
Independent Technical Testing (ITT) is one of the activities of the Information and Communications Technology Risk department.
You will join this team and participate in internal assessments to identify Information and Communications Technology risks, including those linked to Cyber Security, with a BNP Paribas worldwide scope.
The Assessor shall be an all-round specialist in Information and Communication Technologies, covering IT Processes, Governance, Architecture, Network, Systems, Application, Cyber Security and Continuity related subjects.
The assessor shall be competent to improve team skills on some ICT subjects and ensure the quality, relevance and traceability of all identified gaps.
As an assessor, you will interact directly with customers at all levels of management, and be able to synthesise and popularise technical findings and identify risk.
Your excellent interpersonal and verbal/written communication skills will help ensure the smooth roll-out of assessments.
As part of the team, you will also have the chance to help improve the assessment methodology and to develop the team tooling to improve the relevance of the findings.
Provide independent advice and timely assurance to management on the adequacy and effectiveness of policies, processes, systems and controls.
Contribute to the development and implementation of a comprehensive assessment methodology and the associated tooling to deliver consistent reports.
Schedule and plan assessments with customers, assessors and team members.
Interact with customers at all levels of management.
Document and report the results of investigations, ensuring the quality, relevance and traceability of the weaknesses identified.
Ensure the on-time delivery of complete and accurate reports.
Lead and oversee the life cycle of an assessment.
TRAINING AND OCCUPATIONAL EXPERIENCE
Master's degree or equivalent in ICT domains.
3+ years as an IT assessor.
Industry-recognized information security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
Mastery of delivering formal deliverables such as PowerPoint presentations, reports or procedures.
Demonstrated ability to communicate effectively and to present in a structured manner.
Mastery of MS Office.
Good knowledge of ICT subjects.
Demonstrated ability to communicate effectively with stakeholders and technical staff.
Excellent written and verbal communication.
Role model, promoting a culture of good conduct and contributing to maintaining such a culture
Proactivity, transparency and clear accountability for the identification and management of behavioural risks
Consistently develop and leverage teamwork between peers, management and stakeholders
Eye for detail, ability to process a high volume of documents and correlate them
Ability to work under pressure in an international environment
Highly organized, with a proven ability to manage a wide range of subjects at any given time.
Be an enthusiastic and committed team player
Understanding of the Agile audit approach
Prepared to travel internationally
Mastery of concepts related to network infrastructures and information system security, including emerging threats and attack methodologies, for example:
Network security, network equipment configuration, network protocols, network standards, supervision, conceptual skills, decision making, informing others, functional and technical expertise, reliability, information security policy.
Recognized skills in integrating different security or data protection technologies within a coherent architecture to effectively cover the risks of the company.
Mastery of technical testing tools and script development
Experience in penetration testing (network, application, system, etc.) will be a plus
Good technical understanding of security technologies, including intrusion detection/prevention, event correlation, firewalls, antivirus, anti-spam, policy hardening, patch management and configuration management, audit, secure development techniques, etc.
Knowledge of cryptographic standards for encryption, electronic signatures, key management and public key infrastructure (PKI).
Good understanding of native platforms or common applications such as (non-exhaustive list): UNIX, Linux, Windows, Android, iOS, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications, etc.
Knowledge of IT controls