The BNP Paribas Fortis Tribe Production Security supports IT and Business Units to develop adequate solutions in Information Security and Risk Management practices.
The mission of Tribe Production Security is:
- to enable sound and formal information security risk decision making by BNPPF management, and
- to help management with implementing a proper information security management system.
In the context of the increasing number of cyber-threats and reported incidents, it is our obligation, as a Systemic Financial Institution, to comply with the prudential expectations set out by the BNB/NBB (Nationale Bank – Banque Nationale), ECB, Internal Audit, etc. These imply our capability to continue to operate a defined set of critical business activities in the event of major (black and grey-swan type) cyber-attacks or incidents.
Business critical activities in scope are those defined as extremely or very critical (= Vital).
The BNPP Group (CDF) launched the Critical Assets Recovery & Cyber-Resilience Program. In alignment with the Group, BNPPF launched in 2019 a dedicated team, the CAR Core Team, responsible for delivering the target Critical Asset Recovery capabilities and for achieving compliance with the required maturity levels, in a documented way.
When joining Cyber Resilience & IT Continuity, you should be able to work in a team where sharing ideas, experience, information, etc. with others is essential, in an Agile way of working.
Build strong inter-personal relationships with peers, incl. Security Manager and other key stakeholders on different levels of the organization that can help smooth execution.
Together with the others from the team, collect all the information required to familiarize yourself with the BNPPF implementation of IT components (operating systems, databases, endpoints, network, etc.) and business applications/business chains.
Together with the rest of the Team:
- participate in the identification, mapping, and documentation of all the IT assets and components supporting the Vital business activities in scope (creation of detailed as-is architecture and functional diagrams)
- identify gaps in existing plans (absence of a plan is a major gap) and document the risks/impact of these gaps towards operational continuity of the OCCO activities in case of cyber-attack leading to the loss of service of these assets (direct, indirect, etc.)
- assemble all the individual domain plans, further identifying dependencies, constraints, etc. with the objective of developing a planned and controlled sequence to restore functioning of the vital assets/applications
- execute exercises and tests
- think outside the box, using knowledge of Windows, Linux, AIX, backup tools, Cloud, etc., to further improve the resilience of the bank’s core
- communicate, in a diplomatic manner, with engineers, architects, service providers, etc., with no fear of challenging them, keeping an eye on the deliverable and the set deadline