The Graduate Programme is a comprehensive 24-month programme designed to equip graduates with the technical skills and individual competencies to embark upon a successful career within the BNP Paribas Group. This opportunity includes a formal mentoring programme, graduate community initiatives, relevant technical training and on-the-job learning from our managers and highly experienced team members.
The IT Security Risk Analyst ensures that processes across IT operate securely. The remit extends across all aspects of IT security, i.e. policies, standards and procedures, authorization and administration of accesses, networks, servers and workstations, operating systems, databases and applications. The analyst proactively monitors and assesses the IT infrastructure/applications of the company to ensure that the confidentiality, availability, integrity and traceability of IT systems are maintained. The role also requires the incumbent to foster close working relationships with other business areas and with the Business Unit IT and IT Infrastructure Production teams.
It covers all IT teams and usage of the IT platform by other departments, as far as the infrastructure and staff located in Asia Pacific are concerned. Another key objective is to ensure that IT maintains an appropriate level of security in compliance with company policy and requirements from regulatory authorities and in accordance with recommendations from General Inspection, Compliance, Internal Audit and external auditors.
Cooperation & contribution
- To actively coordinate and cooperate with other IT and IT Security teams (local, global and regional) to ensure best IT Security practices and deliveries and a smooth interaction.
- To work in partnership with the Business Lines, Organization & Methods, Information Systems, and others to draw up measures for implementing the Bank's Information Systems Security Directives.
- To work closely with Global IT Security & Risk Assessment team to follow-up on strategic projects and security issues.
- To manage cross-functional internal/external team collaboration and communication so that IT Security Risk topics are handled effectively and efficiently.
- To manage the relationship with a particular business throughout Asia
- To participate in audits by internal/external auditors and regulators and articulate controls that satisfy concerns raised by auditors
- To participate & contribute during an IT Security related incident (intrusion, virus, etc.) from risk assessment perspective as and when required
- To work closely with System, Network and Application Teams for closure of non-compliance issues found.
- To contribute to IT quality and process improvement generally.
Security Risk Management
Key Activities include:
- IT Security Risk Assessment (New Project, Major app/infra Change and Existing apps)
- Perform Application, Infrastructure & Network architecture security review
- Perform IT security Site Review for branch offices, Data Centre & vendors, as and when required
- Advise and validate the IT security requirements for any projects that are deployed in this region.
- Register, follow up and track Security recommendations, findings & security exception/risk acceptance
- Provide accurate and timely Information technology Security Risk Assessment reports
- Work closely with asset owners or representatives and technical staff to communicate, drive and track the implementation/remediation of security recommendation/findings.
- Responsible for developing and implementing IT security assessment and risk management frameworks and policies
IT Security Consulting
- Focal point for the assigned business unit on IT security & Risk Management related topics in APAC region
- To manage and support all IT Security & Risk Management related activities for the assigned business unit coverage in the APAC region
- Provide IT Security recommendations to information/infrastructure/application risk issues
- Translate policy statements to enforceable actions
- Provide security consultancy to various security requests and inquiries raised from the business units to the APAC IT Security Risk Management team.
- Perform Firewall Pre-Change Review for APAC. To be fully part of the network firewall rules approval process, by reviewing and approving FW requests (including firewall, proxy and SMTP requests)
- Perform Firewall Post Change review process to meet regional regulatory requirements such as MAS, HKMA, etc. To be fully involved in the process in BAU ensuring all approved existing/legacy rules are technically appropriate, request revalidated and reconciled.
- Security validation & approval (via ServiceNow / SailPoint), including but not limited to:
- External Media Access Request
- Data restoration (Production to Non-production)
- URL whitelisting request
- User browser whitelisting
- SRA (remote access) whitelisting
- Data Transfer/Download To/From Removable device
- To work on Security requests (via ServiceNow, SailPoint) and ensuring timely response to requestors
- Internal/External Audit support as and when required
Controls & Procedures
- To participate in the regular security review of the assigned business units
- To ensure that work is conducted adhering to compliance, data protection (customer & personal data) and other regulatory requirements.
- To minimize operational risks and risks of fraud by implementing regular and sufficient controls related to his position.
- To escalate to his management and/or Operational Risks & Permanent Control any issues identified.
- To actively participate in the IT Security Team Organization Framework including, but not limited to, correct time-tracking booking, timely & accurate recording of activity.
Required Skills and Abilities
Technical and Behavioural Competencies
Students who have recently graduated or are graduating in 2018 from all disciplines are most welcome to apply. Applications will be reviewed on a rolling basis.
- Strong analytical & execution skills
- Strong service delivery mindset
- Be organized and meticulous.
- Able to handle stakeholders in a confident, positive and responsive manner.
- Excellent interpersonal and communication & writing skills
- Team work mindset and able to work independently
- Adaptability to fast changing environment and technology
- Takes initiative and is results driven
- Prior related internship within the banking industry is an advantage
- Proficiency in Microsoft Office (MS Word, Excel & PowerPoint)
- The following competencies would be advantageous:
- Knowledge of IT infrastructure & network and application security.
- Knowledge of IT Security Risk Management concepts, with a good understanding of industry APAC regulations i.e. MAS TRM, HKMA, FSA, etc.
- Technical knowledge in: Unix / Linux; Windows 2008/2012/7 operating systems
Specific Qualifications would be advantageous
- Professional credentials in relevant IT security disciplines, such as ITIL-SM, ITGI, CGEIT, CISM, CISA or CISSP, including CISSP-ISSMP, in good standing
- Job Type: Graduate jobs
- Position Type: Full time
- Closing Date: 28th February 2018, 6:00 pm