Skip to main content

Subject Matter Expert Security

brussel START DATE: TBD DEADLINE: 2024-06-21
For our client BNP Paribas we are looking for a Subject Matter Expert Security
Start date: 01/07/2024
End date: 31/01/2025

The GRC Norms & Control team is responsible for deploying the Cyber Security Normative Framework, derived from BNPP Group, local legislation, and market standards, to ensure internal and regulatory compliance. We are seeking an ICT Cyber Security Norms & Compliance expert to support this mission.

Function Description

As an ICT Cyber Security Norms & Compliance expert, you will be tasked with the following activities:

Maintaining BNPPF Cyber Security Normative Framework:

  • Ensure understanding of Group IT Governance & Cyber Security and Risk Normative Framework, including procedures, requirements, guides, and standards.
  • Analyze and ensure clarity of the Group Normative Framework's wording.
  • Adapt and integrate the Group Cyber Security Normative Framework within BNPPF.
  • Evaluate updates to the Group Normative Framework to identify potential implementation issues.

Enhancing BNPPF Cyber Security Normative Framework:

  • Add additional requirements or procedures to align with local laws, regulations, and contractual requirements.

Reporting:

  • Maintain a traceable inventory of changes to the Cyber Security Normative Framework.
  • Provide a comprehensive compliance report covering Group, local laws, PCI DSS, etc.
  • Report the deployment results of the Cyber Security Normative Framework to senior management and stakeholders, including Internal Audit.

Process and Standards Development:

  • Contribute to the creation and updating of Cyber Security processes and procedures.
  • Support the creation and update of security standards.

Language Requirements

  • Dutch: Good speaking and writing skills (optional)
  • French: Fluent speaking and writing skills (mandatory)
  • English: Fluent speaking and writing skills (mandatory)

Education

  • Master's degree in IT, science, or engineering with a strong ICT compliance background, or proven equivalent experience/skills in the area.
  • ICT Audit certification: ICT Audit/ICT controls.

Certification

  • Formal ICT Security certification or equivalent (CISA, CISM, CISSP, ISO 27001 lead auditor/implementer).

Travel

  • Not applicable

Telework

  • Expectation: 50% on-site and 50% homeworking

Required Experience / Knowledge

Mandatory:

  • At least 5 years of professional experience in Information (Cyber) Security and ICT Governance.
  • Proven skills and experience in Information Security.
  • Excellent knowledge of Information Security Standards (NIST, PCI DSS).
  • Knowledge of EU and Belgian regulations in security.
  • Skills in coordinating and collaborating with different teams and external resources.
  • Reporting experience to senior management on compliance with laws and regulations.
  • Experience in metrics definition and dashboarding.
  • Proficient in Excel (pivot tables, formulas), Word, and PowerPoint. Knowledge of SharePoint (as a user).

Preferable:

  • Formal ICT Security certification or equivalent (CISA, CISM, CISSP, ISO 27001 lead auditor/implementer).
  • Knowledge of audit and diagnostic techniques and procedures.
  • Project management/coordination skills.
  • Knowledge of GRC tools such as RSA Archer and SNOW.
  • Knowledge of Agile methodology.
  • Knowledge of regulations such as CHAPS, CIS.

Business Experience

Mandatory:

  • Understanding of end-to-end ICT process flows and stakeholders (IT and business).
  • Ability to communicate effectively with business stakeholders regarding the Cyber Security Normative Framework.
  • Ability to challenge stakeholders.
  • Experience in drafting reports, memos, and presentations for senior management.

Preferable:

  • Experience in the banking environment.

Soft Skills

  • Analytical skills to interpret complex information and propose practical recommendations.
  • Ability to produce structured and concise documents.
  • Excellent interpersonal skills and ability to build strong working relationships in sensitive contexts.
  • Proactive attitude.
  • Strong planning and organizational skills to meet deadlines.
  • Problem-solving skills.
  • Excellent English writing skills.
  • Ability to work in a dynamic and multicultural environment.

Join us to enhance and ensure compliance with our Cyber Security Normative Framework while contributing to a secure and compliant ICT environment.