Job Description

Credit Agricole CIB is the corporate and investment banking arm of Credit Agricole Group, the 10th largest banking group worldwide in terms of balance sheet size (The Banker, July 2022).
8,600 employees in more than 30 countries across Europe, the Americas, Asia-Pacific, the Middle-East and North Africa, support the Bank's clients, meeting their financial needs throughout the world.
Credit Agricole CIB offers its large corporate and institutional clients a range of products and services in capital market activities, investment banking, structured finance, commercial banking and international trade.
The Bank is a pioneer in the area of climate finance, and is currently a market leader in this segment with a complete offer for all its clients.

For more information, please visit www.ca-cib.com

Twitter: https://twitter.com/ca_cib
LinkedIn: https://www.linkedin.com/company/credit-agricole-cib/

Reference 2021-55267

Publication date 19/03/2021

Job description

Business type

Types of Jobs - Information systems / IT Project management

Job title

Run Expert- Vulnerability Management

Contract type

Fixed-Term Contract

Term (in months)

12

Management position

No

Job summary

Vulnerability Management Expert

Data Security Services team in Singapore is responsible for day-to-day operational services on the infrastructure of Europe (mainly France and UK) and Asia remotely from Singapore. France infrastructure represents approximately 80% of the worldwide production activities of CA-CIB in Singapore.

Team works in Asia and Europe time zones and this role will be aligned primarily to France, UK and SGP working hours. Flexible rotations are allowed based on the nature of duties.

The operational support of the team covers the following technical scope:

• Vulnerability Management Service
• Endpoint Security technologies - Anti-virus management, Host Intrusion Prevention System etc.
• Data Leak Prevention systems, Encryption Solutions: Disk Encryption, File and Folder encryption,Database Audit Monitoring solutions
• Phishing Prevention solutions.

Main responsibilities for this Role

Vulnerability Management Expert is an individual role within the Data Security Services team and will be responsible for owning the Vulnerability Management. The individual is supported by platform teams for remediation actions.

The position is pivotal for driving the process with various cros-functional (transverse) IT teams.

Person will be responsible for following (but not limited to) responsibilities in day-to-day work:

• Focal point of contact for Vulnerability Management and related topics- a go-to person for consulation regarding the vulnerabilities identified by the tool and guide & assist Infrastructure and Application teams to remediate the vulnerabilities identified under their application/infratstructure scope.
• Person will be responsible preparing the Vulnerability Management Plan and the executes plan through all the phases of Vulnerability Management Lifecycle.
• Ensures that the Vulnerability scans are scheduled, configured in tool and are executed as per the schedule. Any failure of scans are to be investigated and schedule to re-run;
• Conducts periodical discovery of IT Assets and ensures that identified assets are highlighted to CMDB owner for appropriate Asset tagging and also onboards the new asset in Vulnerability Management tool;
• Assess the indentified vulnerabilities and study & understand the risk profile, impact as per environmental context;
• Lead the discussions with Infrastructure and Application teams and advise them the relevance of vulnerability and help them understand the impact;
• Understand the false positives reported and the technical limitations of the environment and faciliatate the process of Risk Acceptance.

o Person will be responsible to liaise with various stakeholders for proposing and maintaining the approvals for such cases;

• Collaborate with Infrastructre teams- Windows, Unix, Networks etc for the remediation of the identified vulnerabilities.

Position location

Geographical area

Asia, Singapore

City

Singapour

Candidate criteria

Minimal education level

Bachelor Degree / BSc Degree or equivalent

Academic qualification / Speciality

• Should be a bachelors/masters/engineering graduate or equivalent technical degree in Information Technology or Computer Science
• Professional Certifications (highly preferred)

o Certified Information Systems Security Professional (CISSP)
o GIAC Enterprise Vulnerability Assessor (GEVA), or any other Vulnerability Management Certification
o CREST certification

Level of minimal experience

11 years and more

Experience

• 10 -12 years of IT experience with 6-8 years of IT Security experience and 5+ years of experience in managing Vulnerability Management process for an enterprise.
• Working experience in financial organization is highly preferred;
• Excellent in analytical, communication and documentation skills;
• Ability to organize work and be able to priories work as per the Operation's needs;
• Must have strong understanding of ITIL processes and comfortable working in process-oriented environment;
• Ability to work independently and as well as a part of team and is able to work under minimal supervision;
• Should have time management skills and able to manage work in fast moving environment;

Required skills

Work schedule is mainly focused to support Asia and EMEA time zone
o However, candidate may have to support outside of work-hours as per operational needs only if required.

Flexible Shift schedule is followed:
o General shift 10 AM - 7 PM or 11 AM - 8 PM SGT
o Afternoon Shift: 12:00 Noon - 9 PM SGT (as per operations needs as required).

Technical skills required

• Working & hands-on experience in managing Vulnerabililty Management process;
• Strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms, networks, database, and application servers.
• Ability to assess vulnerabilities and priortise remediation planning;
• Experience in working collaboratively with cross-finctional/transverse IT teams in Production setup (Operations) mode;
• Ability to apply Risk based approach while working on assigned responsibilities;
• Must have working experience in administrating and operating Tenable (Nessus) Security Center vulnerability management tool for a Large enterprise level environment;
• Good understanding of Reporting needs at various levels of organization and ability to design, create and present the same;
• Hands-on experience of creating reports using various tools such as Excel, Powerpoint, Word in graphical formats, trending;
• Experince in working with any BI tools like Power BI etc to prepare the dashboard;