
IT Risk Manager, VP

Singapore, Singapore | BNP Paribas

  • Industry:
    Financial Services
  • Position Type:
  • Functions:
    IT / Information Technology
    Risk Management
  • Experience:
    7-10 years
Job Description:

The mission of the IT Risk Manager is to ensure, for the IT activities within his/her entity, the realization of operational permanent control, including the measurement and management of all operational risks linked to Information and Communication Technologies (ICT), including cyber security risks, in accordance with the framework defined by the IT Governance of BNP Paribas, as well as the deployment and coverage of the IT Risk Management Group (ITRMG) framework.


The coverage is APAC and the scope is all Business Units in charge of IT activities.



As per BNP Paribas internal control charter, operating IT entities, and first and foremost their managers, are accountable for the risks they are exposed to given the businesses or services they run or deliver.

In this respect, in full compliance with regulations applicable at group level and at entity level, and in line with the group's norms and requirements, the IT Risk Manager should, for the IT entities under his/her oversight:

Assist in identifying and assessing operational IT risks the entities are exposed to

Ensure the risk monitoring and mitigation framework is within the defined risk appetite

Ensure the implementation and continuous adaptation of the risk framework

Ensure proper awareness of the risk framework for all IT teams

Provide consistent risk monitoring & registration tools

Provide risk management information and reporting to eligible bodies

IT Risk

- The management and reporting (to eligible bodies) of ICT risks (with, if needed, associated risk acceptances, risk profiles, …) through both periodic RCSA realization and ad hoc risk assessment on his/her perimeter in accordance with the EBA ICT risk taxonomy.

Maintaining the list of IT operational risks at APAC level to facilitate monitoring and reporting of risk

- Managing IT risk findings resulting from production incidents, application and infrastructure IT security risk assessment with APAC IT Business Units and APAC CIOs, CTO and CISO and raised risks (e.g.: ICC, APAC IT OPC Steering Committee…)

- The organization of Function/Métier/Region IT risk committee at least twice a


Provide support for various APAC IT Risk committees (APAC IT Risk/OPC, Technology Risk Committee, etc.), including logistic support, writing the minutes and following identified actions

Consolidating and preparing the APAC contributions for various Internal Control and Permanent control committees 

IT Incident

The collection and analysis of IT historical incidents, the validation of Métier/Region IT incidents input into the dedicated Group system, based on CIB standardized criteria, and the contribution to the definition and follow-up of associated action plans, in addition to regular reporting;

IT Control

The deployment and reporting (at minimum the major ones) of IT controls (OPC and operational, standard and/or specific) identified to mitigate the risks   

The preparation of the ICT Permanent control report based on provided templates, where required

IT Recommendation

The overall follow-up and reporting (figures, alerts, etc.) of IT recommendations implementation in his/her scope (IG/Regulator/external/Permanent Control actions/Independent consultant) in order to meet the Group objectives; 



CIB divisions: Business and Information Security

Internal Audit / Inspection General


APAC Anti-Fraud

Global IT OPCs, Global ORC

Local OPCs, Local ORC

Regional CIOs, CTO and CISO


External auditors & Regulators



Technical and Behavioral Competencies required

Essential Technical Knowledge/Skills:

A solid background in operational risk management and control framework

Knowledge of IT practices: project management, security, continuity and production

Excellent analytical skills and reporting capabilities (KPIs, dashboards, metrics, assessment …)

A practical understanding of a large bank’s organization and systems

Familiar with process analysis and improvement, drafting of workflows and procedures

Qualifications and Experience:

At least 5 years of experience in an IT Risk, Control and Audit environment. Prior experience in IT Security Risk management would be advantageous

At least 5 years of experience in IT environment 

Recommended certification: CISA, CISSP

Other Value-Added Competencies:

Attention to detail

Ability to manage several initiatives/projects and keep these on-track simultaneously

Ability to effectively manage your own time and priorities

Interpersonal skills, ability to consolidate action plans and report progress status

Pragmatic, ‘Can do’ attitude & Proactive approach with a strong ability to work on own initiative

Capable of adapting to a new environment and to work under pressure towards tight deadlines

Excellent oral and written communication

Good interpersonal skills

Big picture awareness
