IT Security Risk Manager
BNP Paribas
Hong Kong

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860.

Currently with over 18,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs.

It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.

Worldwide, BNP Paribas has a presence in 68 markets with more than 193,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors.

Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.

* excluding partnerships

    BNP Paribas offers you an exciting career in an international business environment that is fast-paced, diverse and focuses on creating high-value relationships with our clients.

    We offer competitive salary and benefits, as well as a working environment where you’re valued as part of the team.


    Position Purpose

    Regional role based in Hong Kong to deliver IT Security Risk Assessments and be an IT Security Champion to the business in APAC, with a focus on new and existing applications of the Bank and on utilizing Agile techniques (DevSecOps).


    Direct Responsibilities

  • Responsible for security risk assessments on new and existing applications to ensure strong risk management strategies, tools, frameworks and standards are in place.
  • Identify and provide analysis and recommendations for IT security risks, and track corrective actions performed by the business through the risk exception process.
  • Provide accurate and timely reports to demonstrate individual and team activities and progress.
  • Work closely with IT and business representatives to drive risk assessment and remediation

    Contributing Responsibilities

  • Provide consultation on security policies and general best practices
  • Evaluate and provide security approvals related to application and infrastructure changes, with a focus on firewall rule approval and recertification.
  • Participate in audits to establish compliance with security policy and APAC country regulations
  • Contribute to individual, team, and security function continuous improvement projects.

    Technical & Behavioral Competencies

  • Advanced knowledge of infrastructure and application security and risk management concepts.
  • Have a good understanding of APAC industry regulations such as MAS TRM, HKMA, FSA, etc.
  • Have general knowledge of emerging technologies such as Fintech, Mobile & Virtualization.
  • Must have demonstrable previous IT Security experience in risk management, audits/compliance, security system development, and/or operations.
  • Vulnerability/Patch Management experience is a plus.

  • Prior experience in DevSecOps methodology and its application is preferred.
  • Must have experience managing IT and business stakeholders directly, in a confident and responsive manner. Previous security sales and/or team management experience should be highlighted.
  • Must have excellent oral and written English communication skills. French, as well as other languages used in APAC, should be highlighted.
  • Must be motivated and able to work independently as well as part of a team, and must demonstrate ethical responsibility, maturity, and discretion.

    Specific Qualifications (if required)

  • The following certification(s), or equivalent experience, are preferred: CRISC, CISM, CISA, CISSP, ITIL, GCCC