Business Information Security: IT Infrastructure Security & Risk Manager

BNP Paribas offers you an exciting career opportunity in an international, challenging business environment characterized by high pace and diversity with focus on creating valuable relations with our customers.  We offer a competitive salary & benefits package and also an excellent work environment where you’re valued as part of our team!

BNP Paribas
The BNP Paribas Group is a leader in banking and financial services, employing over 185,000 people across 75 countries and 5 continents. At BNP Paribas, we work continuously on behalf of our clients, helping them to realise their projects around the world. You can be an important part of this, helping us to serve our clients both in mature and emerging markets, providing them with financial solutions across a diverse range of expertise, products and services. Our origins lie in Europe but nearly a quarter of our employees now work in our multi-award-winning Asian offices and we are a committed player in all APAC markets.

In Asia Pacific, BNP Paribas has been present in the region for over 150 years and plans to grow its business from €2bl EUR to €3bl EUR by the end of 2016. With 9,000 employees in the region and a presence in 14 markets (with 3 main centres in Hong Kong, Singapore and Tokyo), BNP Paribas offers you the chance to grow with us in Asia Pacific.


Competencies (Technical / Behavioral)

  • Extended knowledge of IT infrastructure & network and application security. Must be proficiency in Infrastructure & network (Internet, Intranet, Extranet, DMZ), and Application (Web, Client-Server, payment systems) security reviews
  • Extended knowledge of IT Security Risk Management concepts and with good understanding of industry APAC regulations i.e. MAS TRM, HKMA, FSA, etc.
  • At least 5 years of direct IT Security Risk Assessment experience with a strong background in Infrastructure & Network and application Risk Assessment, security operations, software development, and network & system administration.
  • Good understanding of financial trading and operating environment.
  • Must be able to handle stakeholders in a confident, positive and responsive manner.
  • Deep knowledge in the following is a must:
  1. Application (payment systems), Virtualization, Infrastructure & Network architecture review
  2. Network protocols and network connectivity concepts; Firewall, DMZ and Internet technologies;
  3.  Secure access control mechanisms; Encryption and Key Management techniques
  • Technical proficiency in:
    Unix / Linux; Windows  2008/2012/7 operating Systems; Mainframe; Sybase, Oracle, SQL and other relational Database Systems;  Major SIEM, IPS, IDS, Endpoint, etc. Security tools
  • To know how to define an action plan and to follow up on progress.
  • To be organized and meticulous.
  • Good communication, technical writing/diagramming skills.
  • Must be motivated, and able to work independently as well as part of a team.
  • Must demonstrate ethical responsibility, maturity, and discretion.


Specific Qualifications Required

 Professional credentials in relevant IT security disciplines, such as ITIL-SM, ITGI, CGEIT, CISM, CISA or CISSP, including CISSP-ISSMP, in good standing