The Information and Communications Technology (ICT) Risk department is part of the Group RISK ORC Functions within BNP Paribas. It is a part of the 2nd Line Of Defence (2LOD) under the Bank’s Chief Cyber & Technology Risk Officer. Among others, the department has responsibility for identification of key technology risks to the Bank and influencing business and technology partners to take sound risk management decisions.
This is achieved by delivering:
The Global Operational Resilience & Crisis Management program within RISK ORC ICT is a critical component in ensuring the Group’s ability to prevent disruptions to its critical services from occurring, continue to meet its objectives if a disruption or incident does occur and return to normalcy, when disruption or crisis is eliminated. This applies to Cyber, Technology, Supply chains, physical infrastructure and People.
The above is achieved through main teams such as Cyber Detection (including Cyber Fraud), IT Resiliency, Business Continuity Oversight and Crisis Management.
The position of Cyber Fraud & Forensic specialist will be responsible for providing Cyber Forensic expertise within RISK ORC ICT and support in Cyber Fraud investigation matters.
• Provide independent risk opinion and challenge on Cyber Forensic Reports by First line of Defense teams.
TRAINING AND OCCUPATIONAL EXPERIENCE
• Bachelor’s degree from an accredited college/university or equivalent work experience in Computer Science, Information Technology, or a similar discipline.
• Demonstrate and maintain a proficiency in forensic investigation techniques using a variety of commercial and open source digital forensic tools (e.g., EnCase, FTK, X-Ways, SIFT Workstation, NUIX).
• Currently maintaining one or more professional certifications related to Digital Forensics or Incident Response (e.g., GCFE, GCFA, GREM, EnCE, CFCE).
• Proficient in the latest forensic, response, and reverse engineering skills and astute in the latest exploit methodologies.
• Experienced with conducting Incident Response and Forensic investigations within a global enterprise across multiple platforms and technologies.
• Ability to independently investigate complex cases including cyber security incidents, intellectual property theft, fraud and abuse, asset misuse, and violations of corporate policy.
• Familiarity with malware analysis and signature & hash analysis.
• Demonstrate a strong understanding of hardware architecture, connection types, file system and internal system artifacts across a variety of operating systems (e.g., Windows, UNIX, Linux, Mac OSX).
• General working knowledge of networking protocols, security technologies, and application services.
• Ability to interpret device and application logs from a variety of sources (e.g. Firewalls, Proxies, Web Servers, System Logs, Splunk, Packet Captures, etc.) to identify anomalies or evidence of compromise.
• Industry-recognized information security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
• Mastery of delivering formal deliverables such as PowerPoint presentation, reports or procedures.
• Demonstrated ability to communicate effectively and to present in a structured approach.
• Mastery of MS Office skills.
• Good knowledge of ICT subjects.
• Demonstrated ability to communicate effectively with stakeholders and technical staff.
• Excellent written and verbal communication
• High Level of English
• High Level of French will be a plus
• Possesses excellent report writing skills and the ability to present findings to management, legal and business leaders.
• Good listening and analytical skills – being able to come to a thoughtful and business focused conclusion quickly.
• Ability to co-operate and work well with others adopting an approachable style – Important as we work closely with a large and diverse set of suppliers and customers.
• Ability to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits.
• Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
• Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done.
• Taking accountability for their actions and being open and honest when things have gone wrong, and celebrating successes when things have gone well.
• Being rigorous and thorough – especially when logging and tracking issues through to conclusion.
• Ability to manage their workload so as to meet the realistic targets and priorities set in conjunction with management.
• Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
• Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate.
• Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework.
• Role model, promotion of a culture of good conduct and contribution to maintaining such a culture.
• Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks.
• Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.
• Prepared to travel internationally.
• Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements.
• Excellent in the ability to understand how and why processes and solutions are designed to deliver specific outcomes.
• Is self-aware, anticipates problems, adapts and meets them head on.
• Strong stakeholder management, relationship building, influencing, facilitating and presenting skills.
• Is solutions focused – measures their output on whether issues, problems or challenges are resolved as a criterion for success.