IT Security Engineer H/F

Les missions du poste

A propos de Crédit Agricole Corporate and Investment Bank (Crédit Agricole CIB)

Crédit Agricole CIB est la banque de financement et d'investissement du groupe Crédit Agricole, 10ème groupe bancaire mondial en taille de bilan 2021 (The Banker, juillet 2022).
Près de 8600 collaborateurs répartis dans plus de 30 implantations en Europe, Amériques, Asie-Pacifique, Moyen-Orient et Afrique du Nord, accompagnent les clients de la Banque dans la couverture de leurs besoins financiers à travers le monde.
Crédit Agricole CIB propose à ses clients grandes entreprises et institutionnels une gamme de produits et services dans les métiers de la banque de marchés, de la banque d'investissement, des financements structurés, de la banque commerciale et du commerce international.
Pionnier dans le domaine de la finance Climat, la Banque occupe aujourd'hui une position de leader sur ce segment avec une offre complète pour l'ensemble de ses clients.

La majorité des postes est éligible au télétravail dans les conditions prévues par notre accord reposant sur le double volontariat (collaborateur & manager) et après une période d'intégration réussie.
Crédit Agricole CIB s'engage en faveur de l'insertion des personnes en situation de handicap, ainsi ce poste est ouvert à toutes et à tous.

Pour plus d'information : www.ca-cib.fr

Twitter : https://twitter.com/ca_cib
LinkedIn : http:///company/credit-agricole-cib/
Summary
The Security Engineer will BE responsible for the IT Security review and assessment of the corporate desktops and servers, infrastructure applications & network in CA-CIB NY. He is also responsible for enforcing the security policy and complying with requirements of external security audits and recommendations.
Other responsibilities include monitoring of alerts for any reported anomalies and malicious activities on network and host levels as well as responding to audit findings.
Key Responsibilities
· Prepare, organize, conduct & follow-up on vulnerability scans and remediation on all scopes;
· Prepare, organize, review & follow-up on pentests and remediation on all scopes;
· Prepare, organize, review & follow-up on Purple team exercise and its remediation projects;
· Conduct annual Firewall rule review and monitor Firewall rule change management;
· Provide cybersecurity expertise for all IT and IT Security projects;
· Respond to internal Audit findings by developing controls and documentation packages;
· Review network architecture designs;
· Ensuring that all areas of CA-CIB remain in full compliance with Security directives related to IT Security management as received from Head Office and other guidelines (FFIEC, NIST);
· Perform cybersecurity controls;
· Support Continuous Monitoring Framework by effectively reporting the Key Risk Indicators (KRIs) and Key Control;
· Evolve the Security function by continuous assessment of our risks, threats & vulnerabilities;
· Maintain and update all local policies, procedures and standards;
· Perform scheduled host discoveries to ensure all servers and desktops are accounted for and meet Head Office Standards in monitoring & coverage;
· Ensure security monitoring tools such as AV, DLP, patch agents are registered & monitored;
· Optimize all IS Security controls / processes through automation via scripts, tools and other means;
· Continuous monitoring all Hosts to ensure continuous compliance to Head Office technical security standards and Server build standards;
· Perform Scheduled Security Patch Assessments to validate that all servers and desktops are compliant;
· Keep current in IT Security and cybersecurity industry trends;
· Awareness and development of controls and detection solutions to address malware, cybersecurity and advanced persistent attacks;
· Function as the Backup for IT Sec Engineering Manager;
· Support IT Security and cybersecurity Awareness campaigns.
Management and Reporting
· Reports to the IT Security Engineering Manager
Key Internal contacts
· All GIT/SIT/ISS groups in Americas & Paris
· Internal Audit team
Key External contacts
· Varies per projects/incidents (IT, Business, Management, etc.)
#LI-DNI