Role of Wealth Management India IT Risk and Information Systems Security Manager, being understood this role includes delegations from APAC WM CISO for the team located in India territory and fully participates in overall WMIS Cybersecurity and IT Risk objectives.
Participate to IT project security reviews conducted both on a global and APAC basis across all platforms. Participate in the Security Operation meetings in APAC, EMEA & CH regions. This requires the incumbent to foster close working relationships with other business areas and IT Development / Production / CSIRT / Production Security teams.
The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator.
WM IT Risk and Security Manager
o Manage the WM IT Risk and Security local team in India by managing the recruitment, performances review as well as training and career-path development.
o Coordinate with APAC WM security actors, including India-based resources.
o Coordinate with APAC WM IT teams on risk and security topics, while promoting a secure development and deployment culture
o Assist for a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process.
o Periodic reporting of security status to WM CISO APAC and WM Global CISO
o Contribute to the IT Risk and Cybersecurity Governance including procedural framework, Cybersecurity awareness and communication.
o Ensure the regular reporting for management follow-up
IT Security Compliance (delegation on WM APAC scope)
o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets.
o Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes.
o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
o Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements
o Ensure the compliance with the Third-party Technology risks and Cloud security.
o Identify the process gaps and provide solutions.
Application Security
o Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.
o Identify and implement the latest security standards for internet facing and internal assets.
o Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing SAST, Dynamic Acceptance Security Testing DAST and Software Composition Analysis SCA).
Perform Security risk assessments and reviews to be presented to respective committees.
Ensure the adequate security level for all WM GAIM applications, whatever the IT project managers location and hosting provider.
Production Security Oversight (delegation on WM APAC scope)
o Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance.
o Identify the compliance level of the production environment and contribute to remediation actions definition while keeping the oversight on actions progress.
o Keep an overview and ensure the adequate Vulnerability Management at the server and middleware level leveraging on production scans and liaising with relevant production stakeholders. Contribute to the management of Cybersecurity incidents.
CyberSecurity Program (delegation on WM APAC scope)
o Contribute to the steering and driving of the security initiatives on the APAC scope expected by the WM Cybersecurity Program.
Contributing Responsibilities
Coordination with IT Security actors
o Reporting line to the
WM GAIM Global CISO
: alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard) o Coordination and control of security activities performed by
APAC CIB Business Information Security and Production Security
teams, including project assessment from production point of view, production security review, user security awareness for the WM scope. o Coordination with the
Swiss Security team
concerning integration of WM assets within Swiss IT production. o Keeping abreast of initiatives by the
IT Security community within the Group
and other IT Security stakeholders within the Group. Technical & Behavioral Competencies
Cybersecurity / Technical Value-added Competencies
Cybersecurity Governance : framework (NIST / CIS framework), Security incident management, Logging & Detection (SIEM ELK products)
DevSecOps : CI/CD toolchain knowledge of various tools
o Source code management: sonarQuabe, bibucket, github/gitlab
o Security application scanning (e.g. Sonatype/NexusIQ, Fortify, AppSpider, Qualys, DTR scan)
o Automation/orchestration: Ansible tower, Jenkins
Application Security: Threat modeling, Security architecture key concepts, exposure to various development framework and applicative landscape (Java/Web, Mobile applications, containerization/docker, kubernetes, API management, Cloud security)
Vulnerability Management
o Nexpose, Nessus
Ethical Hacking Knowledge
o Kali Linux knowledge (metasploit, nmap)
Specific Qualifications (if required)
Qualifications and Experience
10 years' experience in information security evaluation and design of technical architectures
Functional as well as technical knowledge of the applications used within BNP Paribas
Knowledge of the Norms and Standards of the BNP Paribas Group, in particular with respect to ITRM & Wholesale IT Security Norms and Policies
Team management experience is a must
Preferred Master level in Computer science and Information Security
Skills Referential
Behavioural Skills :
Communication skills - oral & written
Ability to collaborate / Teamwork
Decision Making
Ability to deliver / Results driven
Transversal Skills:
Ability to set up relevant performance indicators
Ability to develop and adapt a process
Ability to manage a project
Ability to develop others & improve their skills
Ability to manage / facilitate a meeting, seminar, committee, training
Education Level:
Master Degree or equivalent