BNP Paribas Overview
BNP Paribas has a presence in 75 countries with more than 185,000 employees, including 145,000 in Europe. It ranks highly in its two core activities: Retail Banking & Services and Corporate & Institutional Banking (CIB).
BNP Paribas Corporate & Institutional Bank is a leading European investment bank with global leadership in many of our businesses. With nearly 20,000 employees in over 45 countries, CIB can offer you an exciting and truly global career.
At BNP Paribas CIB, we work continuously on behalf of our clients, helping them to realize their projects around the world. You can be an important part of this, helping us to serve our clients both in mature and emerging markets, providing them with financial solutions across a diverse range of expertise, products and services. Our origins lie in Europe, but nearly a quarter of our employees now work in our multi-award-winning Asia Pacific offices and we are a committed player in all markets.
Strong risk management, combined with the stability that comes from being part of one of the largest banking groups in the world, underpin our success. Joining us, you’ll become an integral part of a dynamic team that spans nationalities, cultures and backgrounds, drawing together people from around the globe and reflecting our commitment to international placements.
The Information and Communications Technology Risk department is part of the Group Risk Functions within BNP Paribas. It is a part of the 2nd line of defence under the Bank’s Chief Cyber & Technology Risk Officer. The department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions. This is achieved by delivering:
– Application & Infrastructure Risk Assessments working with the Business and Technology teams to identify security issues in existing and new systems, and agree corresponding actions to mitigate or accept risks. Tracking issues and agreed actions to completion.
– Horizontal Risk Assessments – Assessing technology risks in relation to a particular theme or technology across the organisation. Examples could be assessments of the firewall change process, applications processing >$5m per day, applications hosted in the cloud, etc.
– Vertical Risk Assessments – Assessing risks to a product, service, technology or infrastructure. For instance we may complete a vertical assessment on our remote working solution (including Infrastructure, applications, data, threats etc) or our Internet connectivity.
– Risk Intelligence: Understanding the attack surface / threat landscape and providing an independent view of security posture and risk appetite to key stakeholders
Cyber Risk Intelligence plays an integral role in the intelligence driven risk assessment of banks security posture. The Cyber Risk Intelligence team is responsible for external engagement with peer groups and information security circles regarding cyber threats to proactively assess and issue an independent risk perspective on cyber threats such as intrusions, malware, unauthorized access, insider attacks and loss of proprietary information. This includes developing a deep understanding of global threat actors.
Cyber Risk Intelligence Analysts within the Risk Intelligence team provides intelligence support to ICT Risk and business stakeholders. Analysts need a sharp intellect, an eye for detail, a high analytical capability and a good technical/cyber underpinning. Cyber Risk Intelligence Analysts are able to work autonomously, using sound judgment to decide which leads to pursue and prioritize threat assessments and workload accordingly. An interest in cyber, current affairs and technology is essential.
As a Cyber Risk Intelligence Analyst, you will directly report to the Head of Cyber Risk Intelligence and collaborate with key stakeholders in IT Security and ICT Risk. You will build a thorough understanding of Global Cybersecurity at the firm in order to provide high impact risk intelligence to protect the firm. Prior experience in investment banking, asset management, consumer and/or commercial banking, will put you at a distinct advantage.
As a graduate in Cyber Risk Intelligence you will gain exposure to multiple areas of the department, and assist the team in any of the following:
- Producing threat assessments and working on bespoke projects for Cyber Risk Intelligence team
- Research into the open and deep / dark web; identifying and cultivating new sources of threats
- Understanding the cyber threat landscape that the bank is facing; providing regular research and analysis, whilst updating them on market trends and latest products
- Contribute to Cyber Risk Intelligence Reports, providing detailed analysis on cyber events, including relevant political, economic and geopolitical variables. Provide a forward-looking view of the key cyber risks, predicting shifts in adversarial intent, goals and strategic objectives.
- Maintain detailed threat actor profiles on adversaries of interest/relevance to the firm, covering tactics, techniques and procedures, intent, goals and strategic objectives.
- Maintain knowledge of the threat landscape by monitoring open and closed intelligence sources and contribute regularly to threat landscape briefings.
- Contribute to regular written and verbal briefings and presentations for ICT Risk and Lines of Business teams.
- Participate in ICT Risk projects or initiatives as necessary to get a broad perspective of the global ICT Risk team
- Analyse large volume of data to produce innovative reporting metrics on cyber risks
- Attend relevant cyber security conference, intelligence sharing sessions or peer group meetings to further advance the knowledge of cyber threats
Skills and Experience Required
- BA/BS or equivalent combination of education and experience
- Good troubleshooting, presentation, and consultative skills
- Outstanding communication, both written and verbally.
- Knowledge of /interest in cybersecurity and a basic understanding of the principles of intelligence analysis.
- Understanding of networking concepts and Information Security, including emerging threats and attack methodologies.
- Knowledge of global threats to international cyber security, and conversant in the tactics, techniques and procedures used by cyber adversaries.
- Basic understanding of the principles of cyber security, cyber risk and cyber threats
- Using own initiative to work independently
- Financial sector experience is not essential but would be beneficial
- Be a role model, supporting and fostering a culture of good conduct
- Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
- Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.
CLOSING DATE 24th June