Deputy CISO Asia (AVP)

BNP Paribas offers you an exciting career opportunity in an international, challenging business environment characterized by high pace and diversity with focus on creating valuable relations with our customers. We offer a competitive salary & benefits package and also an excellent work environment where you’re valued as part of our team!

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 17,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.

Worldwide, BNP Paribas has a presence in 73 markets with more than 196,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.

BNP Paribas offers you an exciting career in an international business environment that is fast-paced, diverse and focuses on creating high-value relationships with our clients. We offer competitive salary and benefits, as well as a working environment where you're valued as part of the team.

* excluding partnerships

https://careers.apac.bnpparibas/

Main Scope
Role of Wealth Management Deputy APAC Chief Information Security Officer, being understood this role includes delegations from APAC WM CISO.

Main Responsibilities

 Deputy APAC WM Security Manager
o Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes
o Coordinate with APAC WM security actors, including Chennai-based resources
o Coordinate with APAC WM and CIB IT teams on risk and security topics, while promoting a secure development and deployment culture
o Assist for a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process
o Identify the IT security risks in advance, record and follow-up them

 Application Security
o Ensure the effective implementation of Secure SDLC
o Identify the latest security standards and make sure of their implementation
o Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness
o Perform risk assessments and reviews to be presented to respective committees
o Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager's location and hosting provider

 Production Security
o Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance
o Identify the compliance level of the production environment and integrate them
o Perform an adequate Vulnerability Management at the server and middleware level based on production scans

 IT security compliance
o Ensure the alignment with the Group, Wholesale and WM GAIM security policies, for both project and production assets
o Ensure the compliance with APAC regulators requirements, mainly HKMA and MAS

 CyberSecurity Program
o Steering and driving of the security initiatives on the APAC scope expected by the WM CyberSecurity Program

 Coordination with IT Security actors
o Reporting line to the WM APAC CISO: alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard…)
o Coordination and control of security activities performed by APAC BIS and Production Security teams, including project assessment from production point of view, production security review, user security awareness for the WM scope.
o Coordination with the Swiss Security team concerning integration of WM assets within Swiss IT production
o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group


Essential Banking Knowledge
  • Banking Knowledge and understanding of Wealth Management specificities
  • International and APAC banking regulations
Essential Technical Knowledge
  • Program/Project Management
  • Knowledge of standard IT Security concepts and methodologies
  • Technical proficiency in the various Operating Systems and Databases
  • Knowledge of state of the art technologies
  • Knowledge of Cloud, Mobile and Virtualization Technologies
  • Knowledge of IAM and PAM
Essential Personal Skills
  • Communication skills - Ability to interact throughout oral and written communication skills
  • Ability to provide an accurate reporting to the Management
  • Must be motivated, and able to work independently as well as part of a team
  • Must demonstrate ethical responsibility, maturity, and discretion
Qualifications and Experience
  •  Experience in evaluation and design of technical architectures
  •  Functional as well as technical knowledge of the applications used within BNP Paribas
  •  Knowledge of the Norms and Standards of the BNP Paribas Group, in particular with respect to ITRM & Wholesale IT Security Norms and Policies
Other Value-added Competencies

 Operational Risk and Permanent Control