Job Description

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 18,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.

Worldwide, BNP Paribas has a presence in 68 markets with more than 193,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.

• excluding partnerships

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. https://careers.apac.bnpparibas/

Position Purpose

The APAC DLP Incident Investigation Analyst reports to the APAC DLP Investigation & Remediation Lead and has strong IT security knowledge in different areas. The role focuses on investigating and remediating data leakage related alerts and incidents raised by different it security controls, users, and monitored channels. Responsibilities Direct Responsibilities

• Directly process various types of data breach incidents, collect evidence and coordinate every aspect of investigations using all available information sources
• While processing alerts and incidents, coordinate the work of different stakeholders, both local and regional
• Collect findings, identify root cause, and propose long‐term solutions which support business processes
• Liaise with IT support teams to gather additional evidence and access necessary data
• Prepare incident documentation ﴾notifications, assessments, reports, post‐mortem, etc.﴿
• Escalate issues in an effective manner and resolve them with managers and the rest of the team
• Work towards the established internal time frame and targets agreed with business stakeholders
• Gain an understanding of sensitive data within the organization, business processes, data life cycles, and data privacy requirements from business and regulatory perspectives

Contributing Responsibilities

• Contribute to the research activity which focuses on user behaviour analysis in order to enhance our ability to capture serious breaches and to customize awareness messages
• Proactively suggest new use cases based on investigation results and user behaviour analysis. Provide input to the Requirement Manager on the maintenance and design of DLP rules
• Suggest improvements of awareness campaigns, training sessions, workshops, for the various employee profiles
• Assist in designing and producing customized DLP reports, and contribute to the preparation of KPI and KRI for internal use and for management dashboards
• Partner with the Cyber Security team on monitoring and investigation
• Contribute to maintaining a reputation of excellence and professionalism vis a vis all senior management
• Actively contribute to BNPP Operational Permanent Control. Improve operational risk management, execute first‐level controls and partner with IT OPC for second‐level validation

Technical & Behavioral Competencies

Essential skills

• Understanding of data protection challenges within a large organization
• Experience with Data Leakage Prevention, evidence gathering and analysis, and forensic investigations
• Prior exposure to IT Security
• At ease with engaging very various stakeholders for the purpose of assessing and remediating incidents

Useful skills

• Familiar with regulatory requirements on data privacy and data protection in main APAC countries
• Experience in an audit or a compliance role is a plus

Behavioral competencies

• Excellent interpersonal and communication skills
• Ability to propose innovative ideas and solutions
• Values and demonstrates integrity
• Possesses strong organizational and analytical skills
• Team player
• Takes initiative and is results driven
• Ability to manage change and complexity with confidence
• Client focused and commercial thinking
• Self-motivated and willing to adapt to a new work environment
• Fosters cooperation, communication and commitment among groups and teams
• Anticipates and resolves conflicts and removes barriers to success

Specific Qualifications (if required)

Minimum 3-5 years of experience in the following areas:

• Large organization(s), preferably international banking
• Handling of security incidents analysis / investigations
• Technology, tools, policies, and standards related to data protection and data breach incident response
• Electronic investigation, forensic tools and methodologies, including log correlation and analysis, forensically handling electronic data, and computer security investigative processes
• Legal and regulatory aspects surrounding electronic discovery and analysis

Education

• Bachelors or Masters Degree in Computer Science, Information Systems, Engineering or a related field

Languages
Certifications

• CISSP, CISM or CISA preferred