Execute the Information / Cyber Risk reviews within given timelines and to the expected quality.
Contribute to the development and implementation of a comprehensive assessment methodology and the associated tooling to deliver consistent reports.
Contribute towards formulation of the annual RISK ORM independent testing review plan.
Perform Information / Cyber Security control testing and articulate the findings.
Interact with stakeholders of middle to senior level of management.
Document and report results of investigation by ensuring the quality, relevance and traceability of the weaknesses identified.
Validate the allocated Permanent Control Actions from the previous reviews within the timelines and with expected quality (i.e. validation of remediation performed by the management).
Participate in and recommend process enhancements to improve the team operations.
Periodically share knowledge with the team about latest trends in Cyber or Information Risk areas.
Permanent Control Aspects
Direct contribution to BNPP operational permanent control framework.
Contribute to the implementation of operational permanent control policies and procedures in day-to-day business activities, such as Control Plan
Comply with regulatory requirements and internal guidelines
Contribute to the reporting of all incidents according to the Incident Management System
Ensure audit recommendations are resolved within the specific timeline.
Technical & Behavioral Competencies
Demonstrated passion towards uncovering control weaknesses in processes and technology.
Results-oriented and strong teammate with excellent analytical and problem-solving skills. Outstanding presentation, written and verbal communication skills.
Knowledge of compliance standards like CIS, NIST and GDPR, with high-level knowledge of secure development practices and standards such as OWASP.
Proficiency in concepts related to network infrastructures and information system security, including emerging threats and attack methodologies, in particular: network security, network equipment configuration, network protocols, network standards, supervision, "Conceptual Skills," "Decision Making," "Informing Others," functional and technical expertise, reliability, information security policy.
Recognized skills for the integration of different security or data protection technologies within a coherent architecture to effectively cover the risks of the company.
Mastery of technical testing tools and script development. Experience of pen-testing (network, application, system...) will be a plus. Good technical understanding of security technologies, including intrusion detection / prevention, correlation of events, firewall, antivirus, anti-spam, policy tightening, patch management and configuration management, audit, security development technique, etc.
Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI). Good understanding of native platforms or common applications such as (non-exhaustive list): UNIX, Linux, Windows, Android, iOS, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications... Knowledge of IT controls.
Specific Qualifications (if required)
One or more industry-recognized information security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
Mastery of delivering formal deliverables such as PowerPoint presentation, reports or procedures (Level: Proficient)
Demonstrated ability to communicate effectively and to present in a structured approach. (Level: Proficient)
Mastery of MS Office skills. (Level: Expert)
Basic to Intermediate Data Analysis skills using SQL, Python, Excel or VBA
Behavioural Skills : (Please select up to 4 skills)
Attention to detail / rigor
Communication skills - oral & written
Ability to synthesize / results driven
Transversal Skills : (Please select up to 5 skills)
Ability to manage / facilitate a meeting, seminar, committee, training
Ability to set up relevant performance indicators
Ability to inspire others & generate people's commitment
Ability to manage a project
Education Level :
Bachelor Degree or equivalent
At least 5 years
Other / Specific Qualifications (if required)
Shift Requirements : Day