Head of IT Security Management and Monitoring APAC

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 18,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.

Worldwide, BNP Paribas has a presence in 68 markets with more than 193,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.
* excluding partnerships

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

https://careers.apac.bnpparibas/

Position Purpose

Regional role based in Singapore or Hong Kong to drive IT security best practices and lead a team of IT security risk management professionals to :

• Deliver IT security risk assessments and manage risk treatments on applications, infrastructure, clouds and API's.
• Develop IT security framework for APAC that meets Global IT security requirements and actively contribute on cybersecurity strategic projects
• Drive and work closely with respective teams to remediate IT security non-compliance issues including those identified from 3 Lines-of-Defense, regulators and external auditors.
• Provide IT security consulting for IT and other stakeholders as well as IT security approvals for new and evolving changes to the environment.

Direct Responsibilities :

1. Cooperation & contribution

• To actively coordinate and cooperate with other IT and IT Security teams (local, global and regional) to ensure best IT Security practices and deliveries and a smooth interaction.
• To work closely with Global IT Security Coordination team to follow-up on strategic projects and security issues.
• To collaborate with IT Operational Permanent Control on internal and external audit engagements and cover topics related to IT security controls
• To contribute to IT quality and process improvement generally.
• To work closely with various IT teams (e.g. ProdSec, Digital Working, IT application owners etc) for closure of non-compliance issues found.

2. Risk Management :

• To perform a central role in the risk assessment of local/regional applications and processes, based on a formalized methodology, in order to lead to an increased security level of these applications.
• To work in partnership with the Business Lines, ITO and relevant teams to draw up measures for implementing the Bank's IT Security Policies, Standards and Framework. Especially to participate to all projects in order to ensure respect of good IT security practices.
• To ensure immediate and accurate reporting of any IT Security related incident (intrusion, virus, etc.) to the global IT Security process.
• To answer to the various requests and inquiries rose to the IT Security Risk Management and Monitoring team.

3. Controls & Procedures

• To ensure that work is conducted adhering to compliance (including firewall), data protection (customer & personal data) and other regulatory requirements.
• To minimize operational risks and risks of fraud by implementing regular and sufficient controls related to his/her position.
• To escalate to Management and/or Operational Risks & Permanent Control any issues identified.

4. Team Management

• Ensure JD documented for each role within the team.
• Document SOP for the team.
• Each new hire have objectives defined and agreed within 1 month from the onboarding date.
• Each member has development plan defined.
• Provide and facilitate necessary training for new staff.
• Ensure backup plan for the team.
• Ensure all the mandatory trainings for the team are completed before the due date.
• Establish Book of Work that includes correct time-tracking booking, timely & accurate recording of activity.

5. Key Performance and Key Risk Indicators

• Define pertinent Key Performance and Key Risk Indicators regarding IT security activity in APAC
• Supervise collection and / or production of all data required to feed the KPIs and KRIs
• Monitor the indicators, perform in-depth analysis and define action plan
• Follow up progress on action plan
• Keep records history in order to produce tendencies over time
• Produce innovative reports presenting indicators (graphics, diagrams ,...) in an easy to read and simple way for upper management to grasp
• Ensure consolidation, homogenization and improvement of existing dashboards

Contributing Responsibilities

• Contribute to the Permanent Control framework for implementation of policies and procedures in day-to-day business activities, such as Control Plan.
• Comply with regulatory requirements and internal guidelines.
• Contribute to the reporting of all incidents according to the Incident Management System

Technical & Behavioral Competencies

Essential Technical Knowledge/Skills :

• Knowledge in state-of-the art technologies concerning Operating Systems, RDBMS, Network, Storage,
• Middleware, Hardware (Servers / Workstations), Virtualisation, Mobile and Cloud
• Deep knowledge on Security applied to Infrastructure, Production and Applications (including eBanking)
• Team Management and Project Management experience
• Strong Communication skills
• Experience in evaluation and design of technical architectures
• General Banking Knowledge with significant experience working for Financial Institutions
• Knowledge of standard IT Security concepts and methodologies including DevSecOps

Other Value-Added Competencies:

• Must be motivated, and able to work independently as well as part of a team
• Attentive to detail
• Ability to manage several initiatives/projects and keep these on-track simultaneously
• Ability to effectively manage own time and the priorities
• Interpersonal skills, ability to consolidate action plans and report progress status
• Pragmatic, Can do' attitude & Proactive approach with a strong ability to work on own initiative
• Capable of adapting to a new environment and to work under pressure towards tight deadlines
• Speaks clearly and persuasively in positive or negative situations
• Listens attentively and seeks clarification
• Knowledge of Operational Risk and Permanent Control
• Big picture awareness

Specific Qualifications (if required)

• At least 15 years of experience in IT environment with at least 8 years in IT Risk & Security
• Solid understanding and experience in Finance industry is a must (2-3 years' experience in the financial
• industry)
• Degree in Computer Science or related
• Information Security Certification (CISSP, CISM, CISA or other security-related accreditation
• Fluency in English
• ITIL certification ( optional )
• Lean Six Sigma belt ( optional