Role Description and purpose
The role is a key individual that supports the proper execution of Security strategy in Asset Management business line in Asia Pacific.
It supports the application of general policies and best business practices, in accordance with BNPP guidelines and local statutory requirements.
Working within the Group Regional Security team, this individual will be the point contact for Asset Management business and technology teams within the regional security team.
Business Partnership - Work closely with Business in enabling user tools while maintaining security conformance to the Group control policies and guideline.
Participate in Business project discussions, understand project objectives and requirement, provide consultancy on ensuring security compliant, ensure Business fully understand any identified risk.
Maintain risk acceptance inventories, perform regular monitoring and review. Coordinate with Permanent Control Team to determine the escalation requirement on security incidents and ensure proper closure of topics
Alignment with Global Asset Management Security - Coordinate with global teams to understand security validation status of global applications in Asset Management.
Ensure uniformity of digital tool usage across regions matching global control requirement. Understand the global security roadmap and align with the regional initiatives to ensure unique experience to Business.
Alignment with Territory IT Security in the Region Maintain good working relationship with Security organization. Escalate and track security incidents to Computer Security Incident Report Team.
Ensure successful deployment of Group Security strategy / projects to Asset Management.
Managing the IT Security topics and working closely with the regional / global teams where necessary.
Monitor the evolution of the regulatory framework related to securities for the AM location in Asia & work closely with stakeholders to comply with these evolving needs.
Other security related duties and not limited to : Support ongoing Group IT Governance Rules evolution and carry out regular IT Control Campaign.
Maintain IT Risk Register & drive AM APAC IT Risk Committee Following up internal and external audit findings and recommendations Participate as a player in Cybersecurity Testing mandatory required by Regulators Assist in preparing material to support regulatory filing etc
Key Internal / External Relationships
Internal : Investment Teams, Dealing, Compliance, Operations, Sales, Marketing, AM Central IT / Security, Group / Bank’s IT / Security
External : Application / infrastructure vendors, local regulators
Essential qualifications & experience
Bachelor's Degree in Computer Engineering, Information Technology, Computer Sciences or equivalent
Cybersecurity professional certification either CISSP or CISM a MUST
Minimum 8 years working experience in Financial Services as an Information Security Officer preferably with 3 years in Asset Management
Active exposure interacting with business stakeholders in Asia Pacific region
Ability to work effectively both individually and as part of an international team and with multiple stakeholders
Fluent in English, Cantonese and Mandarin is a MUST