In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 17,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.
Worldwide, BNP Paribas has a presence in 73 markets with more than 196,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.
BNP Paribas offers you an exciting career in an international business environment that is fast-paced, diverse and focuses on creating high-value relationships with our clients. We offer competitive salary and benefits, as well as a working environment where you’re valued as part of the team.
* excluding partnerships
The APAC Data Leakage Prevention Program is part of an ambitious Group-wide initiative aimed at better protecting the Bank against potential leakage of sensitive information from any Business or Function.
DLP is a top priority for every organization and especially for financial institutions. The number of serious data breaches is on the rise, and APAC regulators are putting increasingly strong emphasis on the need to protect data we are entrusted with.
In a context of stringent risk-control, BNP Paribas continues to invest in Cyber Security and we are taking proactive measures to securely handle client, business, and staff information.
Launched in 2014, the APAC DLP Program is a multi-year initiative aimed to gradually improve the monitoring and prevention of unauthorized transmission or disclosure of our data assets.
Data Leakage Prevention depends on a combination of people, processes, and technology as its strategic control foundation. The APAC DPS incident remediation analyst reports to the Head of APAC Data Protection Services team and has strong IT security knowledge in different areas. The role focuses on remediating alerts raised by different it security controls.
Direct responsibilities of the APAC DPS incident remediation analyst
• Directly process various types of data breach incidents, collect evidence and coordinate every aspect of investigations using all available information sources
• While processing alerts and incidents, coordinate the work of remediation stakeholders, both local and regional
• Collect findings, identify root cause, and propose long-term solutions which support business processes
• Liaise with IT support teams to gather additional evidence and access necessary data
• Prepare incident documentation ﴾notifications, assessments, reports, post-mortem, etc.﴿
• Escalate issues in an effective manner and resolve them with managers and the rest of the team
• Work towards the established internal OLA and the SLA agreed with business stakeholders
• Gain an understanding of sensitive data within the organization, business processes, data life cycles, and data privacy requirements from business and regulatory perspectives
Contributions of the APAC DPS incident remediation analyst
• Contribute to the research activity which focuses on user behaviour analysis in order to enhance our ability to capture serious breaches and to customize awareness messages
• Proactively suggest new use cases based on investigation results and user behaviour analysis. Provide input to the Requirement Manager on the maintenance and design of DLP rules
• Suggest improvements of awareness campaigns, training sessions, workshops, for the various employee profiles
• Assist in designing and producing customized DLP reports, and contribute to the preparation of KPI and KRI for internal use and for management dashboards
• Partner with the Cyber Security team on monitoring and investigation
• Contribute to maintaining a reputation of excellence and professionalism vis a vis all senior management
• Actively contribute to BNPP Operational Permanent Control. Improve operational risk management, execute first-level controls and partner with IT OPC for second-level validation
Technical and Behavioral Competencies
• Understanding of data protection challenges within a large organization
• Experience with Data Leakage Prevention, evidence gathering and analysis, and forensic investigations
• Prior exposure to IT Security
• At ease with engaging very various stakeholders for the purpose of assessing and remediating incidents
• Familiar with regulatory requirements on data privacy and data protection in main APAC countries
• Experience in an audit or a compliance role is a plus
• Excellent interpersonal and communication skills
• Ability to propose innovative ideas and solutions
• Values and demonstrates integrity
• Possesses strong organizational and analytical skills
• Team player
• Takes initiative and is results driven
• Ability to manage change and complexity with confidence
• Client focused and commercial thinking
• Self-motivated and willing to adapt to a new work environment
• Fosters cooperation, communication and commitment among groups and teams
• Anticipates and resolves conflicts and removes barriers to success
Minimum 3-5 years of experience in the following areas:
• Large organization(s), preferably international banking
• Handling of security incidents analysis / investigations
• Technology, tools, policies, and standards related to data protection and data breach incident response
• Electronic investigation, forensic tools and methodologies, including log correlation and analysis, forensically handling electronic data, and computer security investigative processes
• Legal and regulatory aspects surrounding electronic discovery and analysis
• Bachelors or Masters Degree in Computer Science, Information Systems, Engineering or a related field
• Excellent level in verbal and written English is essential
• CISSP, CISM or CISA preferred