Wm Application and Security Risk Manager

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 18,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.

Worldwide, BNP Paribas has a presence in 68 markets with more than 193,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.
- excluding partnerships

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

**MAIN OBJECTIVES & PURPOSE**

**Main Scope**

Role of Wealth Management Chief Information Systems Security Risk Manager (Deputy APAC CISO), being understood this role includes delegations from APAC WM CISO and fully participates in overall WMIS Cybersecurity objectives.

**Main Responsibilities**

**Application Security Risk Manager (Deputy APAC WM CISO)**
- Contribute to manage the WM Security team through the recruitment, performances review as well as training and career-path development
- Coordinate with APAC WM security actors, including Chennai-based resources
- Coordinate with APAC WM IT teams on risk and security topics, while promoting a secure development and deployment culture
- Assist for a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process
- Periodic reporting of security status to IT Security Domain Head
- Ensure the regular reporting for management follow-up

**IT security compliance (delegation on WM APAC scope)**
- Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets
- Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes
- Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
- Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x, ensure the compliance with the IT security requirements
- Ensure the compliance with the Third-party Technology risks and the Cloud security
- Identify the process gaps and provide solutions

**Application Security**
- Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.
- Identify and implement the latest security standards for internet facing and internal assets
- Perform Security risk assessments and reviews to be presented to respective committees

**Production Security (delegation on WM APAC scope)**
- Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance
- Identify the compliance level of the production environment and integrate them
- Perform an adequate Vulnerability Management at the server and middleware level based on production scans

**CyberSecurity Program (delegation on WM APAC scope)**
- Steering and driving of the security initiatives on the APAC scope expected by the WM CyberSecurity Program

**Coordination with IT Security actors**
- Reporting line to the WM GAIM Global CISO: alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard )
- Coordination and control of security activities performed by APAC CIB Business Information Security and Production Security teams, including project assessment from production point of view, production security review, user security awareness for the WM scope.
- Coordination with the Swiss Security team concerning integration of WM assets within Swiss IT production
- Keeping abreast of initi