In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 18,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.
Worldwide, BNP Paribas has a presence in 68 markets with more than 193,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.
* excluding partnerships
At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.
China is opening its capital markets to foreign financial institutions and this is a critical area of BNP Paribas’s business growth in Asia Pacific. BNP Paribas has a strong commitment to building a world-class securities company in China, covering a wide range of business activities.
You will be joining the Information Technology department with the following key objectives:
- Ensure that processes across IT operate securely. The remit extends across all aspects of IT security (i.e. policies and procedures, authorization and administration of accesses, networks and firewalls, servers and workstations, operating systems, databases and applications), wherever applicable. It covers all IT teams and usage of the IT platform by other departments, as far as the infrastructure and staff located in PRC branches are concerned.
- Ensure that IT maintains an appropriate level of security in compliance with company policy and requirements from regulatory & market authorities and in accordance with recommendations from General Inspection, Compliance, Internal Audit and External Auditors.
- Contribute to the design, testing and roll-out of security controls such as access management, exception management, data leakage prevention, etc. in accordance with established regional processes
1. IT Risk Management
- Inform APAC IT Security Risk Management team about any new projects or major change within PRC for further risk assessment.
- Ensure risk assessments of in-scope projects, third-party vendors and deviations from policies & best practice are properly conducted. Ensure the recommendations issued for projects and security exceptions / risk acceptances are properly followed up.
- To translate policy statements into local guidelines and procedures in order to produce enforceable actions
- To enforce an efficient user account management process in order to authorize and control users’ accesses and habilitations to IT Systems
- To monitor and ensure immediate and accurate reporting of any PRC IT Security related incident (intrusion, virus, etc.) to the regional & global IT Security and Incident Management processes.
- To be part of the network rules review and recertification process, by reviewing and approving all network access requests (including firewall, proxy and SMTP requests), and performing periodic reviews.
- To work in partnership with the Business Lines, Organization & Methods, Information Systems, and others to draw up measures for implementing the Bank's Information Systems Security Directives, and especially to participate in all projects in order to ensure respect of good IT Security practices
- To occasionally participate in regional security risk assessment activity of business line applications
- To work with different stakeholders and assist PRC CIO to implement the IT risk management framework
- To conduct necessary security controls, reviews, assessment to ensure the best security practice is in place for all PRC branches
2. IT Security Control Design, Testing and Implementation
- To gather control requirements based on regulatory guidelines and business needs
- To assist in the design of local and business-specific security controls
- To contribute to the processing of day-to-day security events, leading or supporting security investigations and escalation to relevant stakeholders (Business, Compliance, Legal, HR, IT)
- To maintain exception management workflows and to track local exceptions and their recertification
- To produce periodic KPI and KRI dashboards and distribute them to local management
3. Coordination & Cooperation
- To actively coordinate and cooperate with other IT and APAC Security teams to ensure best IT Security practices, deliveries and a smooth interaction
- To work closely with IT Infrastructure & Production team, as well as Business Lines IT teams for closure of non-compliant issues found within scope of responsibility
- To assist the production & follow up of Security Dashboard by APAC Security
- To maintain an IT Security Awareness training program towards all local employees
- To assist PRC COO/CIO for the production of required and requested reporting to the local regulatory & market authorities
- To answer requests raised by Internal Audit and Risk and to promptly close findings and recommendations
- To improve IT quality and process generally
4. Compliance & Control
- Comply with the BNPP IT Security policies
- Comply with the BNPP standards of Code of Conduct
- Comply with regulatory requirements and internal guidelines.
- Ensuring appropriate escalation to management and/or Permanent Control (or Compliance as appropriate) as soon as an issue is identified
- Minimizing operational failure, including but not exclusively, the risk of fraud, by helping to devise, and by implementing, sufficient regular controls
- Participate and contribute to different committees related to the job scope, including but not limited to IT management, IT risk management (TRM), country supplier risk management, data governance, data protection, local outsourcing management, etc.
Permanent Control Aspects
- Direct contribution to BNPP operational permanent control framework.
- Responsible for the implementation of operational permanent control policies and procedures in day-to-day business activities, such as Control Plan.
- Responsible for ensuring team members (if applicable) comply with regulatory requirements and internal guidelines.
- Responsible for reporting all incidents according to the Incident Management System
- Responsible for ensuring job descriptions are written, distributed and updated.
- Ensure audit recommendations are resolved within the specific timeline.
Technical & Behavioral Competencies
- To be knowledgeable of IT Security concepts.
- To know IT Security regional roadmap.
- To maintain a good knowledge of the technologies, systems, integration and workflows of the IT Security program.
- To know the organization of global IT Security, as well as regional Security, and who to engage depending on the matter, and to maintain good relationships with IT Security managers.
- To know program management methodology.
- To know how to define an action plan and to follow up on progress.
- To be organized and meticulous.
- To know how to communicate clear instructions and follow up while delegating appropriately.
- Negotiation skills.
- Securities practitioner qualification is a must
- Bachelor’s degree in Computer Science, Information Security or equivalent experience
- Holder of information security and risk management certifications (e.g. CISM, CISSP, etc.) preferred