Territory Chief Information Security Officer

Territory refers to one country or a group of countries within the same Region. In office in one of the three Regions of BNP Paribas, Territory-CISO (T-CISO) is functionally attached to the Regional CISO (R-CISO). She/He oversees the following missions:

Be the local intermediary of the R-CISO and ensure the implementation of Group governance and security measures, with the help of Business CISO (B-CISO) in their Territory

Contribute to the implementation of the Group global cyber services and, if appropriate, organize the rollout of complementary territory cyber services

Develop relations with local regulators and follow up on recommendation. The T-CISOs works together with its R-CISO on topics listed within this role description. T-CISOs have a dotted line towards the R-CISO of the corresponding Region. The role of T-CISO does not imply any reporting relationship with Entity CISOs. Decisions made by the T-CISO on budget, governance and organization must be validated by the Entity to which the T-CISO reports as well as the CDF central team.

MAIN ACTIVITIES:

• Be the local intermediary of the t-CISO and ensure the implementation of group governance and security measures, with the help of the local B-CISOS in the territory:

Set up and coordinate a network of CISOs within the territory, notably to promote the mobility between local Entities and the sharing of experiences (areas of expertise, best practice, …)

Ensure coherence in IT risk and Cyber risk management at local level, in line with Group recommendations

Attend to Group-level committees that broadly share information to local Entities (Group Cyber Forum), and monitors the Cyber Security Assessment (Cyber Panorama) deployment

Attend to Cyber Task Force for selected Entities

Participate in the cyber incidents' response at the Territorial level, in compliance with the "Cyber Security Incidents Management1" and "Cyber Security Crisis Management2" procedures and the local Target operating Model.

2.Contribute to the implementation of the group global cyber services and, if appropriate, organize the rollout of complementary territory cyber service:

Attend to global cyber services design/management/deployment committees organized by the Group

Organize the deployment of the Group's cyber service catalog3 in the Territory's Entities

Ensure the implementation of complementary territorial cyber services (at the territorial or regional level), to the detriment of cyber services specific to the local Entity

Validate local Entity-specific cyber service usage exceptions

3.Develop the relation with local regulators, and follow up on recommendation:

Be informed of the regulators' missions on the local Entities

Be the Head of Territory's privileged point of contact on cyber issues with local regulators

Coordinate the central response to local regulators in the event of a cyber incident in its Territory Ensure the follow-up of the remediation plans for each IT recommendation assigned to local Entities Lead the progress of remediation plans related to the recommendations of local regulators and report to CDF

REQUIREMENTS AND QUALIFICATIONS:

From 12 years of experience in a combination of risk management, information security and IT development or operations jobs (at least five must be in a senior leadership role)

Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists

Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist

Ability to set up and develop a network.

OTHER SKILLS:

Personal impact / Ability to influence and take decisions and convince

Creativity and innovation / Problem solving

Ability to synthetize/simplify

Ability to deliver / Results driven

Decision making

Resilience / Ability to act calmly and competently in high-pressure, high-stress situations and ability to resolve conflicts

Operational English

Ability to develop others and improve their skills

Ability to understand, explain et support change

Ability to develop and leverage networks

Ability to anticipate business/strategic evolution

Ability to inspire others and generate people's commitment

Ability to conduct negotiation.

Why BNP Paribas?

Progressive career development opportunities of a large multi-national bank

Talent Development opportunities within BNP Paribas Group

Employee culture that is focused on creating a great place to work

Multinational business environment

On-the-job training and networking opportunities.