  • 10 - 15 Years
  • Posted : above 1 month

Job Description:

It is a part of the 2nd line of defence under the Bank's Chief Cyber & Technology Risk Officer. Among others, the department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions. This is achieved by delivering:
• Application & Infrastructure Risk Assessments: working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks. Tracking issues and agreed actions to completion.
• Horizontal Risk Assessments: assessing technology risks in relation to a particular theme or technology across the organisation. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.
• Vertical Risk Assessments: assessing risks to a product, service, technology or infrastructure. For instance, we may complete a vertical assessment on our remote working solution (including infrastructure, applications, data, threats, etc.) or our Internet connectivity.
• Partnership to the Business and Technology teams in helping them understand their technology risk profile and influencing their risk management decisions.
• Recurrent analysis of maturity of controls on all entities of the Group.
APAC Template November 2018
Position Purpose
Independent Technical Testing (ITT) is one of the activities of the Information and Communications Technology (ICT) Risk department. BNPP is looking for the Head of the ISPL ITT team, who will help, together with the team, to identify and reduce risks on the information system (alignment of strategy with business needs, software development life cycle, IT project management, IT architecture, IT security) and thus improve the Bank's business as usual. The Group is engaged in an important transformation process, including outsourcing functions or redesigning applications.
Direct Responsibilities

Steer and lead the technical testing activities such as deep assessments, control inspection and Red Team, carried out by a team currently composed of 4 generalist and technical auditors
Develop methodologies and tools for the achievement of assignments (including the development of the internal technical laboratory)
Ensure the steering of the 2nd line of defence activities
Verify the quality, relevance and traceability of the team's assessments and the preparation of assessment reports
Provide IT and Cyber Risk Management advice to business and production teams
Contributing Responsibilities
Technical & Behavioral Competencies

Bachelor's Degree or equivalent in ICT domains
7 in security and technology assessments for VP, 5 Years in security and technology assessments for
Overall experience 12 for VP position, 10 for AVP position
Strong capacity of problem solving, presentation skills, and consulting
Demonstrated ability to communicate effectively with stakeholders and technical staff
Strong experience in project management
Excellent written and verbal communication
Recognized experience in cyber security (Pen Test, IAM, data protection, resiliency)
Customer oriented vision, best technical solution not always aligned to business constraints
Excellent understanding of Cyber environment fundamentals, cyber risks and cyber threats
Excellent understanding of risk management protocols and the concept of 3 defence lines
Appropriateness of the initiative to maintain and enhance its skill level
Experience in the financial sector
Technical Skills
Mastery of concepts related to network infrastructures and information system security, including emerging threats and attack methodologies, in particular
Network security, network equipment configuration, network protocols, network standards, supervision,
Conceptual Skills, Decision Making, Informing Others, functional and technical expertise, reliability,
information security policy
Recognized skills for the integration of different security or data protection technologies within a coherent
architecture to effectively cover the risks of the company
Mastery of technical testing tools
Experience of pen-testing (network, application, system)
Good technical understanding of security technologies, including intrusion detection/prevention, correlation of events, firewall, antivirus, anti-spam, policy tightening, patch management and configuration management, audit, security development technique, etc.
In-depth understanding of authentication and identification standards such as OAuth, OpenID and SAML
Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure
In-depth understanding of native platforms or common applications such as (non-exhaustive list) UNIX, Linux, Windows, Android, iOS, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications
Knowledge of security issues and associated controls related to hosting or cloud computing services
Knowledge of Amazon's AWS service is preferred
Knowledge of the control frameworks and Compliance prerogatives
Practical experience and knowledge of applications integrated with service-oriented enterprise architectures, supporting multi-channel approach and Web-based interfaces, Mobile, Tablet, etc.
Specific Qualifications (if required)
Professional Qualifications
Industry-recognized information security certifications such as CISSP, CISM, CRISC, CEH or Security
Mastery of delivering formal deliverables such as PowerPoint presentation, reports or procedures
Demonstrated ability to communicate effectively and to present in a structured approach
Mastery of MS Office skills
Good knowledge of the following products will be a plus
Archer Technologies SmartSuite Framework
Tufin Operations Management
Skills Referential
Behavioural Skills (Please select up to 4 skills)
Ability to collaborate / Teamwork
Decision Making
Ability to deliver / Results driven
Communication skills - oral & written
Transversal Skills (Please select up to 5 skills)
Ability to manage a project
Ability to anticipate business / strategic evolution
Ability to develop and leverage networks
Ability to develop others & improve their skills
Ability to understand, explain and support change
Education Level: Bachelor Degree or equivalent
Experience Level: At least 10 years

Profile Summary:

Employment Type : Full Time
Eligibility : Any Graduate
Industry : IT-Software
Functional Area : IT Software : Software Products & Services
Role : Software Engineer
Salary : As per Industry Standards
Deadline : 15th Jul 2020
