The bank for a changing world

We are looking for

IT Security Officer

REF: ITO001014

Governance, strategy, and planning 
  • Prepare and facilitate the Local IT Security Steering Committee

  • Produce management metrics for the purpose of control and decision making

  • Provide recommendations to Management to increase security effectiveness of organization and technology solutions

  • Training: Set up and conduct induction training for new staff, conduct regular refresher training and awareness to existing staff, monitor completion of all IT security & BCM related mandatory trainings

 Cooperation and contribution  
  • To actively coordinate and cooperate with IT or other teams to ensure best IT Security practices and deliveries and a smooth interaction

  • Contribute to Regional Security Projects & implement them locally when applicable

  • Work closely with Regional IT Security Coordination team for any IT Security matters and to ensure the compliance of Indonesia regulation

      o A close cooperation with IT Teams is expected in order to ensure enforcement of IT Security rules

  • Represent Indonesia IT Security in internal and external audits, and in liaison with regulatory

  • Conduct IT Security quality and process improvement generally

 IT Risk Management 
  • Implement the agreed policies and procedures

  • Ensure immediate and accurate reporting of any Indonesia IT Security related incident (intrusion, virus, etc.) to management.

  • Maintain an IT Security Awareness training program towards all employees.

  • Owner of the local Access Control tool, and as such, in charge of its correct operation.

  • To perform regular security risk assessment for all Applications and infrastructure to align with Security Policy

  • To perform Third party security review for Essential Service Providers

Controls & Procedures  
  • To ensure that work is conducted adhering to compliance (including firewall), data protection (customer & personal data) and regulatory requirements.

  • To minimize operational risks and risks of fraud by implementing regular and sufficient controls

  • To escalate to his management and/or Operational Risks & Permanent Control any issues identified.

 CSIRT & Forensic Analysis  
  • Analyzing security logs, monitoring logs, firewall logs and intrusion prevention system logs.

  • Conduct analyses related to forensic investigations, cybercrimes, and/or cyberattacks as required.

  • Perform threat management and protection against threats including malware, phishing, hacking and DDoS

  • Investigation and recommendations to identify gaps from the incident.

  • Prepare investigation report and KPI indicator on security incidents.

 IT Security Production/ Operation 
  • Monitoring security logs, monitoring logs, firewall logs and intrusion prevention system logs.

  • Security Incident handling

      o Conduct a regular security and due diligence check list (application, workstations, infrastructure).

  • Monitoring Data Leakage prevention

Business Continuity Management

BC Strategy/Solutions:

  • Communicate and promote local objectives and constraints to BC Correspondents;
  • Foster sharing of good practices and expertise across BC Correspondents;

  • Coordinate BC Correspondents to ensure consistency of BC strategies between local activities/business units;

  • Define and implement recovery solutions consistent with the business needs of local activities/business units;

BC Testing:

  • Define an overall BC testing program and coordinate its execution with BC Correspondents;
  • Identify and escalate any gap between recovery objectives and business implementation;

  • Coordinate where applicable the organization of joint tests between BNP Paribas entities;


  • Conduct semi-annual BC Steering Committees to review status of business continuity plans and progress of implementation of business continuity projects;

  • Follow up and monitor resolution of BCM-related Audit, General Inspection or regulators open recommendations assigned to business units within the Bank;

  • Collect and consolidate the Bank’s scorecards and reporting as required by Management and Regional BCM

  • Provide all necessary information and reports required by local regulators and supervisory authorities

  • Monitor local regulatory, supervisory and industry developments which could impact BNP Paribas business continuity practices or standards

  • Represent BNPP Group with local regulatory authorities and market/industry bodies;

Crisis Management:

  • Set up, maintain and exercise BNP Paribas Indonesia crisis management organization;

  • Coordinate local response to business continuity incidents;

  • Set up and exercise a country-wide crisis management organization covering all BNP Paribas entities, and develop and maintain corresponding crisis management plan and procedures;


Qualifications and Experience:

    • At least 5 years of experience in a similar role in an IT Security or IT Risk, Control and Audit environment. Prior experience in IT Security Risk management would be advantageous

    • Recommended certification: CISM, ISO27001/2

Other Value-Added Competencies:

    • Attention to detail

    • Ability to manage several initiatives/projects and keep these on-track simultaneously

    • Ability to effectively manage your own time and priorities

    • Interpersonal skills, ability to consolidate action plans and report progress status

    • Pragmatic, ‘Can do’ attitude & Proactive approach with a strong ability to work on own initiative

    • Capable of adapting to a new environment and to work under pressure towards tight deadlines

    • Excellent oral and written communication

    • Good interpersonal skills

    • Big picture awareness

Primary Location: ID-JW-Jakarta Raya

Job Type: Standard / Permanent

Job: INFORMATION TECHNOLOGY

Education Level: Bachelor Degree or equivalent (>= 3 years)

Experience Level: At least 5 years

Behavioural competency: Ability to collaborate / Teamwork

Transversal competency: Ability to manage a project