The key objective of this role is to ensure that processes across IT operate securely. The remit extends across all aspects of IT security (i.e. policies and procedures, authorization and administration of accesses, networks and firewalls, servers and workstations, operating systems, databases and applications), wherever applicable, and covers all IT teams and usage of the IT platform by other departments. Another key objective is to ensure that IT maintains an appropriate level of security in compliance with company policy and requirements from regulatory & market authorities, and in accordance with recommendations from General Inspection, Compliance, Internal Audit and External Auditors. This role also contributes to the design, testing and roll-out of security controls such as access management, exception management, data leakage prevention, etc. in accordance with established regional processes.
Responsibilities
Direct Responsibilities
1. IT Risk Management
- Inform the APAC IT Security Risk Management team about any new projects or major changes within India for further risk assessment.
- Ensure risk assessments of in-scope projects, third-party vendors and deviations from policies & best practice are properly conducted. Ensure the recommendations issued for projects and security exceptions / risk acceptances are properly followed up.
- To translate policy statements into local guidelines and procedures in order to produce enforceable actions.
- To enforce an efficient user account management process in order to authorize and control user accesses and habilitations to IT systems.
- To monitor and ensure immediate and accurate reporting of any SIPL IT Security related incident (intrusion, virus, etc.) to the regional & global IT Security and Incident Management processes.
- To be part of the network rules review and recertification process, by reviewing and approving all network access requests (including firewall, proxy and SMTP requests), and to perform periodic reviews.
- To work in partnership with the Business Lines, Organization & Methods, Information Systems, and others to draw up measures for implementing the Company's Information Systems Security Directives, and especially to participate in all projects in order to ensure that good IT Security practices are respected.
- To occasionally participate in regional security risk assessment activity of business line applications.
- To work with different stakeholders and assist the India CIO to implement the IT risk management framework.
- To conduct the necessary security controls, reviews and assessments to ensure that best security practice is in place.
2. IT Security Control Design, Testing and Implementation
- To gather control requirements based on regulatory guidelines and business needs.
- To assist in the design of local and business-specific security controls.
- To contribute to the processing of day-to-day security events, leading or supporting security investigations and escalation to relevant stakeholders (Business, Compliance, Legal, HR, IT).
- To maintain exception management workflows and to track local exceptions and their recertification.
- To produce periodic KPI and KRI dashboards and distribute them to local management.
3. Coordination & Cooperation
- To actively coordinate and cooperate with other IT and APAC Security teams to ensure best IT Security practices, deliveries and a smooth interaction.
- To work closely with the IT Infrastructure & Production team, as well as Business Lines IT teams, for closure of non-compliant issues found within scope of responsibility.
- To assist the production & follow-up of the Security Dashboard by APAC Security.
- To maintain an IT Security Awareness training program for all local employees.
- To assist the SIPL COO/CIO in the production of required and requested reporting to the local regulatory & market authorities.
- To answer requests raised by Internal Audit and Risk and to promptly close findings and recommendations.
4. Team management
- As team head, to supervise and lead the SIPL information security team:
  - Ensure the team's mandated learnings (eLearning, classroom training) are completed before the due date.
  - Ensure block leave and carryover leave are managed per policy.
  - Ensure timesheets are recorded in Clarity.
  - Identify a development and training plan for the team.
  - Create a succession plan and backup plan for the team.
  - When necessary, manage low performers with development plans and keep track of the progress (if applicable).
5. Permanent Control Aspects
- Direct contribution to the BNPP operational permanent control framework.
- Responsible for the implementation of operational permanent control policies and procedures in day-to-day business activities, such as the Control Plan.
- Responsible for ensuring that team members (if applicable) comply with regulatory requirements and internal guidelines.
- Responsible for reporting all incidents according to the Incident Management System.
- Responsible for ensuring job descriptions are written, distributed and updated.
- Ensure audit recommendations are resolved within the specified timeline.
Contributing Responsibilities
1. Cooperation
- To improve IT quality and process generally.
2. Compliance & Control
- Comply with the BNPP IT Security policies.
- Comply with the BNPP standards of Code of Conduct.
- Comply with regulatory requirements and internal guidelines.
- Ensuring appropriate escalation to management and/or Permanent Control (or Compliance as appropriate) as soon as an issue is identified.
- Minimizing operational failure, including but not exclusively, the risk of fraud, by helping to devise, and by implementing, sufficient regular controls.
3. Committees
- Participate in and contribute to different committees related to the job scope, including but not limited to IT management, IT risk management (TRM), country supplier risk management, data governance, data protection, local outsourcing management, etc.
Technical & Behavioral Competencies
- To be knowledgeable of IT Security concepts.
- To know the IT Security regional roadmap.
- To maintain a good knowledge of the technologies, systems, integration and workflows of the IT Security program.
- To know the organization of global IT Security, as well as regional Security, who to action depending on the matter, and to maintain good relationships with IT Security managers.
- To know program management methodology.
- To know how to define an action plan and to follow up on progress.
- To be organized and meticulous.
- To know how to communicate clear instructions and follow up while delegating appropriately.
- Negotiation skills.
Specific Qualifications (if required)
- Securities practitioner qualification is a must.
- Strong local regulatory experience on SEBI is required.
- Bachelor's degree in Computer Science, Information Security or equivalent experience.
- Holder of information security and risk management certifications (e.g. CISM, CISSP, etc.) preferred.
Skills Referential
Behavioural Skills: (Please select up to 4 skills)
- Ability to collaborate / Teamwork
- Communication skills - oral & written
- Decision Making
- Personal Impact / Ability to influence
Transversal Skills: (Please select up to 5 skills)
- Ability to understand, explain and support change
- Ability to manage a project
- Ability to develop and adapt a process
- Ability to inspire others & generate people's commitment
- Ability to manage / facilitate a meeting, seminar, committee, training
Education Level: Bachelor Degree or equivalent (3 years)
Experience Level: At least 7 years
Other/Specific Qualifications (if required)