Sr. Associate - Independent Testing
BNP Paribas Personal Finance
Mumbai, Maharashtra, India
3d ago

Responsibilities

  • Execute Information / Cyber Risk reviews within the given timelines and to the expected quality.
  • Contribute to the development and implementation of a comprehensive assessment methodology and the tooling associated to deliver consistent reports.
  • Contribute towards the formulation of the annual RISK ORM independent testing review plan.
  • Perform Information / Cyber Security control testing and articulate the findings.
  • Interact with stakeholders of middle to senior level of management.
  • Document and report the results of investigations, ensuring the quality, relevance and traceability of the weaknesses identified.
  • Validate the allocated Permanent Control Actions from the previous reviews within the timelines and with the expected quality (i.e. validation of remediation performed by the management).

  • Participate in and recommend process enhancements to improve the team operations.
  • Periodically share knowledge with the team about latest trends in Cyber or Information Risk areas.
Permanent Control Aspects

    Direct contribution to BNPP operational permanent control framework.

  • Contribute to the implementation of operational permanent control policies and procedures in day-to-day business activities, such as Control Plan
  • Comply with regulatory requirements and internal guidelines
  • Contribute to the reporting of all incidents according to the Incident Management System
  • Ensure audit recommendations are resolved within the specific timeline.
Technical & Behavioral Competencies

    Essential

  • Demonstrated passion towards uncovering control weaknesses in processes and technology.
  • Results-oriented and strong teammate with excellent analytical and problem-solving skills. Outstanding presentation, written and verbal communication skills.
  • Knowledge of compliance standards like CIS, NIST and GDPR, with high-level knowledge of secure development practices and standards such as OWASP.
  • Proficiency in concepts related to network infrastructures and information system security, including emerging threats and attack methodologies, in particular: network security, network equipment configuration, network protocols, network standards, supervision, "Conceptual Skills," "Decision Making," "Informing Others," functional and technical expertise, reliability, information security policy.
  • Recognized skills for the integration of different security or data protection technologies within a coherent architecture to effectively cover the risks of the company.

  • Mastery of technical testing tools and script development.
  • Experience of pen-testing (network, application, system...) will be a plus.
  • Good technical understanding of security technologies, including intrusion detection / prevention, correlation of events, firewall, antivirus, anti-spam, policy tightening, patch management and configuration management, audit, security development technique, etc.
  • Knowledge of cryptographic standards for encryption, electronic signature, key management infrastructure (PKI).
  • Good understanding of native platforms or common applications such as (non-exhaustive list): UNIX, Linux, Windows, Android, iOS, Oracle, MS SQL, Microsoft Outlook, J2EE and .NET applications...
  • Knowledge of IT controls

    Specific Qualifications (if required)

  • One or more industry-recognized information security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
  • Mastery of delivering formal deliverables such as PowerPoint presentations, reports or procedures (Level: Proficient)
  • Demonstrated ability to communicate effectively and to present in a structured approach. (Level: Proficient)
  • Mastery of MS Office skills. (Level: Expert)
  • Basic to Intermediate Data Analysis skills using SQL, Python, Excel or VBA
Skills Referential

    Behavioural Skills : (Please select up to 4 skills)

    Attention to detail / rigor

    Communication skills - oral & written

    Ability to synthesize / results driven

    Critical Thinking

    Transversal Skills : (Please select up to 5 skills)

    Ability to manage / facilitate a meeting, seminar, committee, training

    Ability to set up relevant performance indicators

    Ability to inspire others & generate people's commitment

    Ability to manage a project

    Education Level :

    Bachelor Degree or equivalent

    At least 5 years

    Other / Specific Qualifications (if required)

    Shift Requirements : Day
