APAC IT Security Risk Manager

BNP Paribas offers you an exciting career opportunity in an international, challenging business environment characterized by high pace and diversity with focus on creating valuable relations with our customers. We offer a competitive salary & benefits package and also an excellent work environment where you’re valued as part of our team!

BNP Paribas in Asia Pacific - https://careers.apac.bnpparibas

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 17,000 employees* and a presence in 14 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.

Position Purpose

This is a replacement for an existing IT Security Risk Manager in Hong Kong. The role is to deliver Risk Assessments and be a Security Champion to the business in APAC, with a focus on new and existing applications of the Bank, using Agile techniques (DevSecOps).


Direct Responsibilities

• This role is primarily responsible for risk assessment engagement in projects and existing applications from all APAC business units, ensuring that IT risk is properly recognized, assessed and mitigated, and that strong risk management strategies, tools, framework and standards are in place. This role will coordinate across APAC IT Security functions, identifying and delivering solutions to digital risk issues and proactively identifying improvements
• Register, follow up and track Security recommendations, findings & security exception/risk acceptance
• Provide accurate and timely Information Technology Security Risk Assessment reports
• Work closely with asset owners or representatives and technical staff to communicate, drive and track the implementation/remediation of security recommendations/findings

Contributing Responsibilities

• Provide consultation and recommendations on IT Security & Risk Management related topics in the APAC region, with a focus on the Bank's Digital transformation initiatives
• Perform Firewall Pre-Change Review for APAC on projects. Take part in the network firewall rules approval process by reviewing and approving FW requests

Technical & Behavioral Competencies

• Work closely with Global IT Security & Risk Assessment team to follow-up on strategic digital transformation projects and related security issues
• Extended knowledge of IT infrastructure & network and application security. Proficient in Fintech, Cloud, Mobile, Virtualization, and Sandbox technologies, agile development methodology, and Infrastructure & network (Internet, Intranet, Extranet, DMZ), and Application (Web, Client-Server, payment systems) security reviews
• Extended knowledge of IT Security Risk Management concepts, with a good understanding of APAC industry regulations, e.g. MAS TRM, HKMA, FSA, etc.
• 5 to 8 years of direct IT Security Risk Assessment experience with a strong background in Infrastructure & Network and Application Risk Assessment, security operations, software development, and network & system administration. Prior experience in emerging digital risk assessment methodology and its application is preferred
• Must be able to handle stakeholders in a confident, positive and responsive manner
• Good communication and technical writing skills
• Must be motivated and able to work independently as well as part of a team
• Must demonstrate ethical responsibility, maturity, and discretion

Specific Qualifications (if required)

• The following certification(s), or equivalent experience, are preferred: CRISC, CISM, CISA, CISSP, ITIL, GCCC