IT Risk and Control Officer

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 18,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.

Worldwide, BNP Paribas has a presence in 68 markets with more than 193,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.
- excluding partnerships

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

**Position Purpose**:
**Roles & Responsibilities**:
The IT Risk and Control Analyst is responsible for contributing to the adaptations of WM GAIM IT Risk framework such as
- Contributes to the governance of IT project lifecycle on IT Risk requirements
- Contribute to the IT Risk Card Management including regular review and follow up of existing risk cards
- Perform risk assessment for projects and periodical review in accordance with the policy at Global, APAC Regional and Local level
- Perform Shadow Light IT risk assessment and follow up as well as inventory coordination to comply regulators and group standards
- Contribute to IT Control Plans campaign required at both Global and Local level and ensure the follow up of the remediation plans
- Ensure proper IT Production and Cybersecurity Incident risk reporting according to group procedure
- Timely and accurate key risk indicator reporting for WM IT activities
- Support the WMIS team in their contribution to the IT Risk activities
- Assist in IT risk & control related tasks assigned by his/her manager

**CUSTOMER/SUPPLIER RELATIONS**:
**Internal**:

- WMIS CIO
- WMIS Domains & Divisions
- WMIS Risk & Cybersecurity

**External**:

- WM APAC Conduct & Control
- WM Global and APAC OPC
- Risk ORC
- APAC BIS
- APAC ITP
- ISPL IT OPC

**Essential Technical Knowledge/Skills**:

- Strong knowledge of IT Risk Management with practical exposure
- Familiar with IT System Development Life Cycle process and methodology
- Knowledge of Information Systems in Banking industry
- Strong English communication skills in both written and verbal
- Team player with strong coordination skills
- Strong interpersonal and analytical skills
- Strong knowledge of Microsoft Office suite

**Qualifications and Experience**:

- Bachelor’s Degree in any discipline, with 10 to 12 years of relevant experience in areas including but not limited to Technology Risk Management, IT Audit and/or IT Security
- Risk Management certification (e.g., ISO 31000, ISACA CRISC, etc)
- Project Management skills

**Other Value-added Competencies**:

- Knowledge of regulator’s Technology Risk Management Guidelines (e.g. MAS, HKMA, TW FSC, etc)
- High regard for confidentiality and integrity of all confidential information
- Familiar with regulatory requirements, concepts, trends and technologies
- Familiar with data governance and protection
- Ability to provide accurate reporting to the Management
- Adaptability to handle specific management requests
- Primary Location
- SG-06-Singapore- Job Type
- Standard / Permanent- Job
- INFORMATION TECHNOLOGY- Education Level
- Bachelor Degree or equivalent (>= 3 years)- Experience Level
- At least 7 years- Reference
- WEA002334