1. What does the job of Chief Information Security Officer entail?
I cover every aspect of IT and Cyber Security in 14 countries in the Asia-Pacific region by identifying, developing, implementing, and maintaining security processes and tools across the Bank to reduce information and information technology (IT) risks. I respond to security incidents, establish appropriate standards and controls, manage security technologies, and the establishment and implementation of policies and procedures. My role is to act as business enabler within the bank—not to police what everyone is doing.
"I was also drawn to the support offered by management and the emphasis placed on career development.”
2. Is cyber security a hot topic in Asia-Pacific today?
Yes, especially in the banking sector, where we manage data and money for a huge number of customers. The rise of connected objects and the Internet of Things has blurred the line between private and professional. This, in turn, has heightened the risk of hackers targeting sensitive bank and customer data. Regulators are gradually setting the terms for how these new technologies can be used. For example, if we authorize our employees to use their own smartphone or tablet, we apply strict procedures to make sure customer data stays safe.
3. You have spent most of your career with British and American banks. What brought you to BNP Paribas?
Two years ago, a recruiter contacted me about an interview with BNP Paribas. The position matched my skills and experience perfectly, and it offered greater responsibility and more interaction with businesses. I was also drawn to the support offered by management and the emphasis placed on career development. No other bank I know of operates a training campus like the one BNP Paribas has in Singapore!
4. Did you experience any culture shock upon your arrival?
Not really. BNP Paribas is an international bank, even though it has French roots. But compared to American banks, for example, I would say that it is less centralized and that it grants more autonomy to each region. That’s important in areas like IT security, which is managed differently from one region—or even one country—to the next. Our approach is more dynamic and collaborative.
5. What is the biggest challenge you are facing right now?
Establishing a security culture within the entity. I work in a highly technical field, but many of the issues we face have to do with how we communicate with employees: raising awareness about the risks of sending sensitive or confidential information from a personal e-mail account, or demonstrating that we are all responsible for ensuring IT security.
“ Network internally and keep up the pace, because things move fast at our bank! ”