Manager India IT Security

Job Description

*About BNP Paribas Group:BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.About BNP Paribas India Solutions:Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.Position PurposeThe missions of the IT SECURITY MANAGER covers all or part of the three major security activities for his (her) area:

1. Information Systems (IT) security
2. Cybersecurity
3. Data Security

The missions of the IT SECURITY MANAGER extend to the India territory (with a few minor exceptions), in accordance with the policy defined by the BNP Paribas Group:

1. Take part in Implementing the Global Security strategy
2. Perform management of Global Security for India Territory
3. Perform Stakeholder Management of all key departments/entities

ResponsibilitiesKey Responsibilities

• Analyze systems, protocols, interactions, and data to identify and response to active security threats in the environment.
• Collect, analyze, and report on malicious software and phishing messages targeting internal assets to understand the capabilities and indicators of compromise.
• Create and improve upon existing response, triage, containment, and recovery processes.
• Continually monitor for policy violations or incidents and actively participate in remediation
• Prepare documentation for technical controls and processes associated with information security solutions
• Work closely with other technology personnel to ensure the security of the environment and remediation of security events
• Perform IT Security Awareness and Trainings
• Be a Team Player and manage a team of IT Security professionals

Main Activities

• Perform regular IT Security reviews of all IT assets
• Work on IT Security analysis and exceptions on a case-by-case basis
• Assist end-to-end in Internal Audits, Regulatory Audits, External Audits
• Engage in Cyber Drills, Red Team exercises
• Support in the execution of Internal Risk Controls
• Perform Firewall Rule reviews
• Engage in Cybersecurity projects, Application Security Reviews, etc.
• Conduct IT Security reviews of Data Centers, Bank Branches, Workstations
• Perform Risk Assessments on new & exiting business solutions, infrastructure setup & applications
• Write Standard Operating Procedures in a structured format
• Follow-up on closure of findings/observations from Secure Code Reviews & Penetration Testing,
• Follow-up with IT Teams on Patching, Anti-Virus Updates, removal of non-standard assets, asset hardening, etc.
• User Access Management such as removal of Toxic Access Combinations, removal of elevated privileges,

Experience Required

• Extended knowledge of end-to-end IT Security concepts
• Good communication, technical writing/diagramming skills.
• Experience in the Finance & IT industry with a strong exposure to IT Operations, Application Security, SOC/SIEM, and/or network administration, IPS and Business Continuity
• Good understanding of financial trading and operating environment
• Must be able to handle customers in a confident, positive and responsive manner
• Network protocols and network connectivity concepts; Firewall and Internet technologies; Cloud Security, Banking Tools & Technologies;
• Secure access control mechanisms; Encryption and Key Management techniques
• To know how to define an action plan and to follow up on progress, be organized and meticulous
• Must be motivated, and able to work independently as well as part of a team
• Must demonstrate ethical responsibility, maturity, and discretion
• Microsoft Office tools such as MS Word, MS Excel, MS PowerPoint, SharePoint

, *Other/Specific Qualifications (if required)1. B.E. / B.Tech (ideal) / BSc2. Certifications like CISSP, CISA, ISO 27001 are good to have3. Minimum 9-10 years of industry experience required4. Good understanding of OS, Database, application, webservers platforms5. Experience in IT Risk Management;6. IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.7. IT Auditing8. Regulatory Compliance9. People Management

Keyskills :
standard operating proceduresred teamkey managementit risk managementiso 27001internal auditit operationsit securityretail bankingaccess controlit risksecurity toolscloud security