The Information and Communications Technology (ICT) Risk department is part of the Group RISK ORC Functions within BNP Paribas.
It is part of the 2nd Line Of Defence (2LOD) under the Bank's Chief Cyber & Technology Risk Officer. Among others, the department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions.
This is achieved by delivering:
Tracking issues and agreed actions to completion.
Examples could be assessments of the firewall change process, applications processing > $5m per day, applications hosted in the cloud, etc.
or our Internet connectivity.
Independent Technical Testing (ITT) is one of the activities of the Information and Communications Technology Risk department.
You will join this team and participate in internal assessments to identify Information and Communications Technology risks, including those linked to Cyber Security, with a BNP Paribas worldwide scope.
The Assessor shall be an all-round specialist in Information and Communication Technologies, which include IT Processes, Governance, Architecture, Network, Systems, Application, Cyber Security and Continuity related subjects.
The assessor shall be competent to improve team skills on some ICT subjects and ensure the quality, relevance and traceability of all identified gaps.
As an assessor, you will interact directly with customers at all levels of management, and be able to synthesize and popularise technical findings and identify risk.
Your excellent interpersonal and verbal / written communication skills will help to ensure the good roll-out of assessments.
As part of the team, you will also have the chance to help improve the assessment methodology and to develop the team tooling to improve the relevance of the findings.
TRAINING AND OCCUPATIONAL EXPERIENCE
Master's degree or equivalent in ICT domains.
3+ as IT assessor.
Industry-recognized information security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
Mastery of delivering formal deliverables such as PowerPoint presentations, reports or procedures.
Demonstrated ability to communicate effectively and to present in a structured approach.
Mastery of MS Office skills.
Good knowledge of ICT subjects.
Demonstrated ability to communicate effectively with stakeholders and technical staff.
Excellent written and verbal communication.
Role model, promotion of a culture of good conduct and contribution to maintaining such a culture
Proactivity, transparency and clear accountability for the determination and management of behavior risks
Consistently develop and leverage teamwork between peers, management and stakeholders
Eye for detail, ability to process a high quantity of documents and correlate them
Be able to work under pressure in an international environment
Highly organized, with a proven ability to manage a wide number of subjects at any given time.
Be an enthusiastic and committed team player
Understanding of the Agile audit approach
Prepared to travel internationally
Mastery of concepts related to network infrastructures, information system security including emerging threats and attack methodologies, for example:
Network security, network equipment configuration, network protocols, network standards, supervision, "Conceptual Skills," "Decision Making," "Informing Others," functional and technical expertise, reliability, information security policy.
Recognized skills for the integration of different security or data protection technologies within a coherent architecture to effectively cover the risks of the company.
Mastery of technical testing tools and script development
Experience of pen-testing (network, application, system...) will be a plus
Good technical understanding of security technologies, including intrusion detection / prevention, correlation of events, firewall, antivirus, anti-spam, policy tightening, patch management and configuration management, audit, security development technique, etc.
Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI).
Good understanding of native platforms or common applications such as (non-exhaustive list): UNIX, Linux, Windows, Android, iOS, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications, etc.
Knowledge of IT controls