APAC IT Security Risk Manager
In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 17,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.
Worldwide, BNP Paribas has a presence in 73 markets with more than 196,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.
BNP Paribas offers you an exciting career in an international business environment that is fast-paced, diverse and focuses on creating high-value relationships with our clients. We offer competitive salary and benefits, as well as a working environment where you’re valued as part of the team.
* excluding partnerships
This is a replacement for an existing IT Security Risk Manager based in Hong Kong. The role is to deliver Risk Assessments and be a Security Champion to the business in APAC, with focus on new and existing application of the Bank and utilizing Agile techniques (DevSecOps).
• Responsible for security risk assessments on new and existing applications to ensure strong risk management strategies, tools, frameworks and standards are in place.
• Identify and provide analysis and recommendations for IT security risks, and track corrective actions performed by the business thru risk exception process.
• Provide accurate and timely reports to demonstrate individual and team activities and progress
• Work closely with IT and business representatives to drive risk assessment and remediation
• Provide consultation on security policies and general best practices
• Evaluate and provide security approvals related to application and infrastructure changes with focus on firewall rule approval and recertification.
• Participate in audits to establish compliance with security policy and APAC country regulations
• Contribute to individual, team, and security function continuous improvement projects.
Technical & Behavioral Competencies
• Advanced knowledge of infrastructure and application security and risk management concepts.
• Have good understanding of industry APAC regulations i.e. MAS TRM, HKMA, FSA, etc.
• Have general knowledge on emerging technologies such as Fintech, Mobile & Virtualization.
• Must have demonstrable previous IT Security experience in risk management, audits/compliance, security system development and/or operations.
• Prior experience in DevSecOps methodology and its application is preferred
• Must have direct IT and business stakeholders management in a confident and responsive manner. Previous security sales and/or team management experience should be highlighted.
• Must have excellent English oral and written communication. French, as well as other languages used in APAC should be highlighted.
• Must be motivated, and able to work independently as well as part of a team and must demonstrate ethical responsibility, maturity, and discretion
Specific Qualifications (if required)
• The following certification(s), or equivalent experience, are preferred: CRISC, CISM, CISA, CISSP, ITIL, GCCC