Territory Chief Information Security Officer

REQUIREMENTS AND QUALIFICATIONS:

• From 12 years of experience in a combination of risk management, information security and IT development or operations jobs (at least five must be in a senior leadership role)
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
• Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist
• Ability to set up and develop a network.

OTHER SKILLS:

• Personal impact / Ability to influence and take decisions and convince
• Creativity and innovation / Problem solving
• Ability to synthetize/simplify
• Ability to deliver / Results driven
• Decision making
• Resilience / Ability to act calmly and competently in high-pressure, high-stress situations and ability to resolve conflicts
• Operational English
• Ability to develop others and improve their skills
• Ability to understand, explain et support change
• Ability to develop and leverage networks
• Ability to anticipate business/strategic evolution
• Ability to inspire others and generate people`s commitment
• Ability to conduct negotiation. MISSIONS:

Territory refers to one country or a group of countries within the same Region. In office in one of the three Regions of BNP Paribas, Territory-CISO (T-CISO) is functionally attached to the Regional CISO (R-CISO). She/He oversees the following missions:

• Be the local intermediary of the R-CISO and ensure the implementation of Group governance and security measures, with the help of Business CISO (B-CISO) in their Territory
• Contribute to the implementation of the Group global cyber services and, if appropriate, organize the rollout of complementary territory cyber services
• Develop relations with local regulators and follow up on recommendation. The T-CISOs works together with its R-CISO on topics listed within this role description. T-CISOs have a dotted line towards the R-CISO of the corresponding Region. The role of T-CISO does not imply any reporting relationship with Entity CISOs. Decisions made by the T-CISO on budget, governance and organization must be validated by the Entity to which the T-CISO reports as well as the CDF central team.

MAIN ACTIVITIES:

1. Be the local intermediary of the t-CISO and ensure the implementation of group governance and security measures, with the help of the local B-CISOS in the territory:

• Set up and coordinate a network of CISOs within the territory, notably to promote the mobility between local Entities and the sharing of experiences (areas of expertise, best practice, aEUR|)
• Ensure coherence in IT risk and Cyber risk management at local level, in line with Group recommendations
• Attend to Group-level committees that broadly share information to local Entities (Group Cyber Forum), and monitors the Cyber Security - Assessment (Cyber Panorama) deployment
• Attend to Cyber Task Force for selected Entities

• Participate in the cyber incidents` response at the Territorial level, in compliance with the aEURoeCyber Security Incidents Management1- and aEURoeCyber Security Crisis Management2- procedures and the local Target operating Model.

• Contribute to the implementation of the group global cyber services and, if appropriate, organize the rollout of complementary territory cyber service:

• Attend to global cyber services design/management/deployment committees organized by the Group

• Organize the deployment of the Groups cyber service catalog3 in the Territorys Entities
• Ensure the implementation of complementary territorial cyber services (at the territorial or regional level), to the detriment of cyber services specific to the local Entity

• Validate local Entity-specific cyber service usage exceptions

• Develop the relation with local regulators, and follow up on recommendation:

• Be informed of the regulators` missions on the local Entities

• Be the Head of Territory`s privileged point of contact on cyber issues with local regulators
• Coordinate the central response to local regulators in the event of a cyber incident in its Territory Ensure the follow-up of the remediation plans for each IT recommendation assigned to local Entities Lead the progress of remediation plans related to the recommendations of local regulators and report to CDF Why BNP Paribas-
• Progressive career development opportunities of a large multi-national bank
• Talent Development opportunities within BNP Paribas Group
• Employee culture that is focused on creating a great place to work
• Multinational business environment
• On-the-job training and networking opportunities.