Cybersecurity Operations Governance Officer

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 18,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.
Worldwide, BNP Paribas has a presence in 68 markets with more than 193,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.
- excluding partnerships

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

**Main Scope**

Role of Wealth Management Cybersecurity Governance Officer, being understood this role reports to the APAC WM CISO and is located in Singapore and fully participates in overall WMIS Cybersecurity and IT Risk objectives.

**Main Responsibilities**:
**Cybersecurity Project Oversight**:

- Participate in the Projects animation of the WM Security operations and contribute to structure the activities in terms of follow-up, tracking and reporting for the various pillars (Data security, Network security, vulnerability management, Security incident management, IT asset security compliance, Technical Access management)
- Coordinate with WM security operations actors, including EMEA (Paris/Lisbon), APAC (Singapore/India) based resources
- Coordinate with WM IT Risk and Cybersecurity Governance office to reinforce the reporting of WM Cybersecurity and Risk management
- Contribute to the steering and driving of the security initiatives on the APAC scope expected by the WM Cybersecurity Program

**Production Security oversight** (**delegation on WM APAC scope):

- Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance
- Identify the compliance level of the production environment and contribute to remediation actions definition while keeping the oversight on actions progress
- Keep an overview and ensure the adequate Vulnerability Management at the server and middleware level leveraging on production scans and liaising with relevant production stakeholders
- Contribute to the management of Cybersecurity incidents

**Coordination with Global IT Security actors**:

- Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard, Security Operations committees ) for WM global footprint
- Coordination and control of security activities performed by
- **APAC CIB Business Information Security and Production Security **teams, including project assessment from production point of view, production security review, user security awareness for the WM scope.
- Keeping abreast of initiatives by the
- **IT Security community within the Group** and other IT Security stakeholders within the Group

**IT security compliance** (delegation on WM APAC scope):

- Ensure the alignment with the Group and WM GAIM security policies and contribute to improve the procedural framework
- Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
- Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x, ensure the compliance with the IT security requirements
- Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes while identifying the process gaps and provide solutions.

**Essential Banking Knowledge**:
General Knowledge:

- Banking Knowledge and understanding of Wealth Management specificities

Deep Knowledge:

- International and APAC banking regulations

**Essent