In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 18,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships. 
Worldwide, BNP Paribas has a presence in 68 markets with more than 193,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.  

* excluding partnerships

BNP Paribas offers you an exciting career in an international business environment that is fast-paced, diverse and focuses on creating high-value relationships with our clients. We offer competitive salary and benefits, as well as a working environment where you’re valued as part of the team. 

Position Purpose

•    To conduct Information Technology and Cybersecurity audit work in accordance with the IG methodology and ensure high standard of deliverables
•    To contribute to the Information Communication Technology risk assessment of audit universe establishing a reliable communication channel with the  auditees.
•    To follow through with auditee on implementation of recommendations

Direct Responsibilities

1.    Participate in the audit team assignments and special reviews (when required by regulators, business lines, or senior management)
•    Contribute to the planning and preparation of the assignment e.g. understanding the methodology to be applied, acquiring a deep knowledge of the activities to be covered, understanding the detailed technologies, gathering relevant key figures, etc.
•    Develop a thorough understanding of the activities within the scope of the assignment, its strategy and governance, and the related risks.
•    Evaluate the overall setup and identify the main areas of risk (including a comprehensive assessment of the management actions).
•    Execute detailed investigations leveraging on a strong technical knowledge in various IT systems (Databases, Operating systems Linux/Windows,   Cybersecurity/Network security, Virtualization, containerization, Cloud Computing and related risks)
•    Leverage on adequate programming languages and scripting to perform efficient investigations by automating analysis.
•    Ensure the adequate learning and understanding of the standard IT solutions used in the IT infrastructure and production, Cybersecurity management     in order to analyze adequately their configuration and be able to identify and raise potential risks.
•    Recommend appropriate actions to the management in order to remediate the identified weaknesses.
•    Formalize the results of the assignment investigations and contribute to the production of the assignment deliverables.
•    Present the conclusions of the assignment fieldwork to the senior management.

2.    Review the implementation of the Inspection Générale recommendations
•    Review and challenge the actions defined to remediate the weaknesses identified by the audit team through its assignments.
•    Ensure the adequacy of the answers to address permanently the gaps following accurately the recommended actions.
•    Perform relevant control testing to ensure the proper implementation of the actions.

3.    Contribute to the periodic risk assessment of IT activities and planning
•    Perform a periodic and comprehensive risk assessment of the IT activities as per the Group guidelines.
•    Keep abreast of change/new development of regulatory requirements that are relevant to IT activities and related functions.
•    Assist in the elaboration of the IT audit planning following a risk-based approach.

Contributing Responsibilities
•    Contribute to the improvement of the Inspection Générale practices through the elaboration and update of our methodologies.

Technical and Behavioral Competencies required

•    Strong expertise in Cybersecurity (IT security hands-on experience is a plus)
•    Strong technical background in IT activities (including IT production / IT systems expertise)
•    Curiosity, rigor, and precision.
•    Outstanding analytical skills
•    Ability to synthesize
•    Excellent writing and presentation skills (in English)
•    High level of initiative, commitment, and drive
•    Ability to work effectively under pressure and within short deadlines
•    Promotes a constructive, cooperative, and participative teamwork environment

Specific Qualifications (if required) 

•    Possess a Bachelor’s / Master’s Degree in Information Technology/ Management Information System / Computer Science and related discipline;
•    Not less than 5 years of experience in external auditing / internal auditing / IT / risk / compliance / internal control / operations in the financial services industry.
•    Professional Qualification/Certificate in Audit, e.g. CISA, CISSP, CISM, CCSP is a plus.

Other/Specific Qualifications (any of these skills is highly appreciated)

Information Technology – Systems
Operating Systems : Linux/UNIX, Windows
Databases Management Systems: Oracle, SQL Server, NoSQL, MariaDB, MongoDB
Data Analytics: Elasticstack, Kafka, Tableau, Power BI, R, Python (Panda, Matplotlib, SciKit)
Cloud Technology: AWS, Azure, Kubernetes, Docker
Programming / scripting: Linux / windows Shell, batch commands / Javascript, Web development framework
Python (intermediate/advanced level)

Identity Access Management: Sailpoint, CyberArk, Oracle Identity Management , Single Sign-On : WEB SSO
Network Security: Strong network knowledge, (routing, Firewalls), Proxies (WEB, Reverse Proxy), 
System security: Security configuration, Patching, vulnerability scanning (Nexpose, Nessus)
Application security: OWASP, WAF, Scanning (Qualys, Rapid7, Tripwire, Fortify)
Penetration Testing / ForensicsTools: Kali Linux (Burpsuite, nmap, zap, dirbuster, metasploit)

Primary Location
Job Type
Standard / Permanent
Education Level
Master Degree or equivalent (> 4 years)
Experience Level
At least 5 years

Découvrez les métiers de BNP Paribas : Audit, Conformité, Risques et Juridique

Le paysage réglementaire de notre secteur évolue rapidement et nous nous devons d’être irréprochables ! Pour exercer un métier à fortes responsabilités et prendre part à des décisions stratégiques pour le bon fonctionnement de BNP Paribas, découvrez les opportunités offertes dans les métiers de l’audit, de la conformité, des risques et du juridique.

En savoir plus

Pourquoi je candidaterais ?

Pour quelles raisons je rejoindrais BNP Paribas et pas une autre entreprise ?

Parce que je souhaite...

  • Et si on vous disait que travailler dans notre Groupe, ce n’est pas ce que vous croyez ? Chez BNP Paribas, on exerce une multitude de métiers qui évoluent en permanence pour être en phase avec les attentes des clientes et clients comme de la société.

  • Se sentir bien dans son job, c’est avant tout venir travailler comme on est.  C’est aussi avoir les moyens d’un bon équilibre entre sa vie professionnelle et sa vie personnelle. Deux engagements majeurs pour BNP Paribas.

  • Chez BNP Paribas, le développement de vos compétences est essentiel, pour vous comme pour nous. Et cela vous servira pour toute votre vie professionnelle.

En savoir plus