1. Governance, strategy, and planning
o Prepare and facilitate the Local Security Steering Committee
o Produce management metrics for the purpose of control and decision making
o Provide recommendations to Management to increase the security effectiveness of the organisation and its technology solutions
2. Cooperation and contribution
o To actively coordinate and cooperate with other IT and IT Security teams (local, global and regional) to ensure best IT Security practices and deliveries and a smooth interaction.
o To work closely with Global / Regional IT Security Coordination team to follow-up on strategic projects and security issues.
o Close cooperation with Métiers IT Teams is expected in order to ensure enforcement of IT Security rules at each Métier level.
o To represent Taiwan Branch IT Security in internal and external audits, and in liaison with regulatory and market bodies.
o To contribute to IT Security quality and process improvement generally.
3. IT Risk Management
o To implement in Taiwan Branch the policies and solutions defined by Regional IT Security organization.
o To ensure immediate and accurate reporting of any Taiwan Branch IT Security related incident (intrusion, virus, etc.) to the regional & global IT Security and Incident Management processes.
o To maintain an IT Security Awareness training program towards all local employees.
o Owner of the local Access Control tool, and as such, in charge of its correct operation.
o In charge of the timely & accurate reporting to Global IT Security/2OPC of the Information Security Control Plan as defined per the Global IS Control Plan instructions
o To perform regular security risk assessments for all local Applications and ensure compliance with the BNPP Application Security Policy.
4. Controls & Procedures
o To ensure that work is conducted adhering to compliance (including firewall), data protection (customer & personal data) and other regulatory requirements.
o To minimize operational risks and risks of fraud by implementing regular and sufficient controls related to his position.
o To escalate to his management and/or Operational Risks & Permanent Control any issues identified.
5. CSIRT & Forensic Analysis
o Analyze security logs, monitoring logs, firewall logs and intrusion prevention system logs.
o Conduct analyses related to forensic investigations, cybercrimes, and/or cyberattacks as required.
o Perform threat management and protection against threats including malware, phishing, hacking and DDoS
o Investigate and provide recommendations to identify gaps from the incident.
o Prepare investigation reports and KPI indicators on security incidents.
o Co-ordinate and liaise with global, regional and local incident response teams.
o Co-ordinate with internal security teams for incident response.
o Assist with routine compliance and audit functions to ensure requirements are satisfied