
Business Information Security: APAC IT Governance Education & Awareness Officer


Standard / Permanent



Job function




Position Purpose

The APAC IT Governance Education & Awareness officer will support the IT Security awareness program for the region, so that APAC end users receive awareness information on security topics throughout the year. This includes, but is not limited to, blast emails, induction training, online awareness training and poster initiatives.

As part of the duties, he/she will:

- Organize, with HR and Compliance, the Security Master Class at the Asia Campus and coach new local trainers (Hong Kong, India, Japan...).

- Assist BIS Management in the preparation of Cyber Surveillance Briefing & Training for Countries' Board of Directors.


APAC Security dashboards and reports, including Key Risk Indicators (KRIs) on security levels, IT Security project progress and Key Performance Indicators (KPIs), will have to be produced and published on a regular basis.

The tasks of the APAC IT Governance Education & Awareness officer will include collecting information, analysing it and preparing the above dashboards/reports. The role also includes following up on the action plans linked to the risks identified in those dashboards/reports. On a regular basis, he/she will prepare and share Cyber Threat Reports jointly with the Cyber Intelligence team.


The APAC IT Governance Education & Awareness officer will therefore help prepare Steering Committees, where the dashboard and report updates are presented to stakeholders.


As part of the APAC BIS IT Governance team, and working closely with the IT Security team and the IT Operational Permanent Control team, he/she will contribute to APAC on-site reviews and IT risk assessments, IT regulatory compliance, IT governance deployment and IT Security controls optimization.


The successful candidate will be able to demonstrate analytical skills and a good understanding of Information Security. Experience in large organizations in a financial services context will be much appreciated.

Key Responsibilities

  • Awareness
      - Help to prepare awareness information on security topics (content, formatting, coordinating translation from English to other APAC languages…)
      - Follow up on awareness training completion
      - Prepare dashboard on awareness program progress

  • Dashboard and reports
      - Collect data from various parties
      - Perform some data analysis
      - Prepare and publish dashboard/reports
      - Prepare steering committee presentations for Management meeting
      - Support the definition of action plans (ensure commitment of action owners) and follow up on completion

  • APAC IT risks assessment and follow-up
      - Participate in IT risk assessments (on-site review, IT outsourcing risks)

  • Regulatory compliance
      - Participate in Technology Risks Management
      - Ensure compliance of internal framework with APAC regulations and with standards and international frameworks (ISO, NIST…)
      - Contribute to IT Security controls framework optimization

  • APAC IT Governance procedures implementation
      - Help with IT Governance deployment across APAC entities

Competencies (Technical / Behavioral)

  • A solid background in the Information Security field (at least 3 years of experience)
  • Solid experience of data analysis (Excel functionalities)
  • Excellent reporting capabilities (KPIs/KRIs, dashboards, metrics, assessments…)
  • Solid understanding of and experience in the finance industry is a must
  • Good understanding of APAC regulatory environment for Technology Risks Management
  • To have good coordination skills
  • To be innovative and creative
  • Excellent communication (both written and verbal) skills
  • Presents numerical data effectively (charts, presentations)
  • Must be motivated, and able to work independently as well as part of a team
  • Ability to manage several initiatives and keep these on-track simultaneously
  • Capable of adapting to a new environment and to work under pressure towards tight deadlines
  • Ability to effectively manage your own time and priorities

Specific Qualifications Required

  • University degree or equivalent in IT discipline
  • Professional credentials in relevant cyber security disciplines, such as ITIL-SM, ITGI, CGEIT, CISM, CISA or CISSP, including CISSP-ISSMP, would be “a plus”