IT Risk

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 18,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.
Worldwide, BNP Paribas has a presence in 68 markets with more than 193,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.
- excluding partnerships

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

**POSITION PURPOSE**:
The mission of the IT Risk & Cyber Governance Officer is to ensure, for the IT activities within his/her entity, the realization of operational permanent control including the measure and the management of all operational risks linked to Information and Communication Technologies (ICT) including cyber security risks in accordance with the framework as defined by the IT Governance of BNP Paribas, as well as the deployment and coverage of the IT Risk Management Group (ITRMG) framework.

The coverage is APAC and the scope is all Business Units in charge of IT activities

**Responsibilities**:
As per BNP Paribas internal control charter, operating IT entities, and first and foremost their managers, are accountable for the risks they are exposed to given the businesses or services they run or deliver.
In this respect, and in full compliance with regulations applicable at group level and at entity level, and in line with group’s norms and requirements, the IT risk manager should for the IT entities under his/her oversight,:

- Assist in identifying and assessing operational IT risks the entities are exposed to.
- Ensure the risk monitoring and mitigation framework is within the defined risk appetite
- Ensure the implementation and continuous adaptation of the risk framework
- Ensure proper awareness of the risk framework for all IT teams
- Provide consistent risk monitoring & registration tools
- Provide risk management information and reporting to eligible bodies

**IT Risk**:

- The management and reporting (to eligible bodies) of ICT risks (with if-needed associated risk acceptances, risk profiles,) through both periodic RCSA realization and ad hoc risk assessment on his/her perimeter in accordance with the EBA ICT risk taxonomy.
- Maintaining the list of IT operational risks at APAC level to facilitate monitoring and reporting of risk
- The organization of Function/Métier/Region IT risk committee at least twice a year;
- Provide support for various APAC IT Risk committees (APAC IT Risk/OPC, Technology Risk Committee, etc.) including logistic support, write the minutes, follow identified actions
- Consolidating and preparing the APAC contributions for various Internal Control and Permanent control committees

**IT Incident**:

- The collection and analysis of IT historical incidents, the validation of Métier/Region IT incidents input into the dedicated Group system, based on CIB standardised criteria, the contribution to the definition and follow-up of associated action plans in addition to regular reporting ;
- Able to review the incident, understand the root cause, recommend controls to prevent similar incidents occurs in future:
**IT Control**:

- The deployment and reporting (at minimum the major ones) of IT controls (OPC and operational, standard and/or specific) identified to mitigate the risks ;
- Execute the controls and escalate the failures to the stakeholders adequately to address the remediation and track it efficiently;
- The preparation of the ICT Permanent control report based on provided templates, where required

**IT Recommendation**:

- The overall follow-up and reporting (figures,