Chief Information Security Officer

October 22, 2024

Reference: 48314748

  • Permanent
  • MY-Kuala Lumpur
  • INFORMATION TECHNOLOGY

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 17,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.
 
Worldwide, BNP Paribas has a presence in 73 markets with more than 196,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.

BNP Paribas offers you an exciting career in an international business environment that is fast-paced, diverse and focuses on creating high-value relationships with our clients. We offer competitive salary and benefits, as well as a working environment where you’re valued as part of the team.

* excluding partnerships

Key Responsibilities:

  • Work closely with Business in enabling user tools while maintaining security conformance to the Group control policies and guidelines
  • Participate in Business project discussions, understand project objectives and requirements, provide consultancy on ensuring security compliance, and ensure Business fully understands any identified risk
  • Maintain risk acceptance inventories, perform regular monitoring and review
  • Coordinate with Country Permanent Control Team to determine the escalation requirement on security incidents and ensure proper closure of topics
  • Ensure compliance with Regulators
  • Comply with the policies of the different regulators (BNM, PayNet, SC and Labuan FSA)
  • Define security policies
  • Ensure controls are in place in order to comply with regulation
  • In charge of surveys and requirements of regulation related to IT Security
  • Coordinate with Regional teams to understand security validation status
  • Ensure uniformity of digital tool usage across regions, matching regional control requirements
  • Understand the Regional roadmap and align with the Local initiatives to ensure a unique experience for Business
  • Produce monthly reporting to supplement APAC BIS and Local Management
  • Report on a quarterly basis to the Board of Directors of BNPPMB on IT security issues and initiatives
  • Put in place an annual Security Risk Assessment program for BNP Paribas Malaysia
  • Organize yearly Cyber Surveillance Briefing presented by the Regional Head of BIS
  • Assist with routine Compliance and Audit functions to ensure requirements are satisfied
  • Comply with Local, Regional and Group regulatory requirements and internal guidelines
  • Actively coordinate and liaise with other IT and IT Security teams (local, regional and global) to ensure best IT Security practices, timely deliveries and smooth interaction
  • Work in partnership with the Business Lines, Organization & Methods, Information Systems and others to draw up measures for implementing the Bank’s Information Systems Security Directives
  • Work closely with Regional and Global IT Security & Risk Assessment teams to follow up on strategic projects and security issues
  • Manage IT Security Risk topics efficiently and effectively by active collaboration and communication with cross-functional internal / external teams
  • Participate in internal and external audits and articulate controls that satisfy any concerns raised
  • Ensure timely reporting and resolution of IT Security related incidents (intrusion, virus, etc.), and participate and contribute from a risk assessment perspective as and when required
  • Work closely with System, Network and Application teams for closure of non-compliance issues, which could be identified through periodic IT Security-related reviews / audits and controls
  • Security reporting to APAC CISO (regular)
  • Raise awareness of IT Security topics locally (communications, security awareness posters, quarterly new joiners’ orientation etc.)
Qualifications

Requirements:

  • Knowledge of and demonstrated experience in Information Technology, particularly in areas related to Information Security, Cyber Security, Cloud Computing, Big Data and Network Security Engineering, is an advantage
  • Banking knowledge, in particular of Payment, Operations, Client Management, Compliance, etc.
  • Regional or Global industry exposure
  • Risk Management professional certification such as ISO 27001 Certified Lead Auditor, CRISC, CISA, CISM or CISSP
  • Experience working in Financial Services as an Information Security Officer
  • Understanding and experience in the Finance industry is an advantage
  • Bachelor’s degree in Computer Science, Information Assurance, or a related degree or equivalent experience is an advantage