BNP PARIBAS

RISK ORM ICT APAC - Operational Risk Officer

Professional · Permanent · 7+ years of experience

Monthly salary

$10,000 – $13,000

Posted

March 27, 2026

Expires April 10, 2026

Skills

Security Risk, CEH, ICT, Governance, Regulatory Strategy, Risk Management, Information Technology, Project Management, Control, Cyber Risk Management, Risk Management Consulting, CISA, CISSP, CISM

Job description

What is this position about?

Responsible for implementing regional risk management programs in a global organization, with robust knowledge of technology, risks, architecture, and related tools. Prior ICT risk experience (IT, Cyber, Vendor…etc.) & exposure to the Financial Services industry is a must. Experience with GRC tools and other risk management information systems is preferred.  
 
The individual will develop and communicate the risk assessment engagement models to ensure that ICT risk considerations are accounted for in all the bank’s operations.
 
Negotiation and conflict management skills are an absolute must-have. The Bank is undergoing a significant Technology and Operations reorg/transformation including outsourcing functions, streamlining, and refactoring applications. The individual will lead this effort with an independent risk assessment of these projects and will present findings to Management. Excellent presentation & executive presence skills are necessary. Experience in interacting with regulatory agencies is required.

What would your typical day at BNP Paribas look like?

Primary Role Responsibilities

Governance and Oversight: 

  • Implement IT & Cyber Risk Management Program for the bank within the three lines of defense model in alignment with the Group Risk Management Framework.
  • Drive effective implementation and communication of Operational risk management (ICT) policies and guidelines. 
  • Provide support and oversight with respect to management of security and technology risks of core systems and applications. 
  • Oversee the Operational risk management activities and ensure practices are consistent with regulatory expectations and industry sound practices. 
  • Provide IT & Cyber risk management consulting to the business, technical and operations groups. 
  • Proactive involvement in IT and Operations Transformation projects including the review of major outsourcing partners. 

Risk Management Environment:

  • Identification & assessment: Ensure that the identification and assessment of operational risks are effectively done across the organization by correlating input from Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, and Quantified Measurement & Comparative Analysis.
  • Monitoring & Reporting: Implement a process to regularly monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines. Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices.
  • Control & Mitigation: Improve the effectiveness of the Internal Controls program by reviewing the control environment, risk assessment process, control activities, incident management, information and communication and monitoring activities. Assess operational risk response strategies. Validate risk transfer options. Ensure all Permanent Control Actions and audit recommendations are resolved within the specific timeline.

Operational Resilience:

  • Support the Group and APAC management in the oversight and driving of APAC Operational Resilience program to ensure the ability of the bank to operate on an ongoing basis and limit the losses in the event of severe business disruption.

Risk Disclosure:

  • Provide updates on regulatory disclosure while complying with external and regulatory communications standards and disclosing the operational risk management (ICT) framework of the bank in a manner that complies with the formal disclosure policy approved by the board of directors.

What is required for you to succeed?

The successful candidate will have a proven track record in managing risk and technology in large/global organizations with robust knowledge of technology, risks and controls, IT and security architecture, operational resilience, and third-party technology risk management. Prior ICT risk experience (IT, DR/BCM, Cyber security, Third Party, etc.) and exposure to the Financial Services industry is a requirement. Experience with risk management tools and information systems is beneficial.

Technical Skills

  • Experience in business process re-engineering, experience with functional and enterprise technical architecture, good understanding of large-scale technology infrastructure.
  • Understanding of emerging technologies e.g. IoT, Cloud, etc.
  • Understanding of ISO 2700X series of standards and guidelines
  • Significant experience in the field of Technology Risk Management, Operational Resilience, Cyber, Information Security and Crisis Management.
  • Strong Risk mindset with understanding of applicable Technology Risk and Resilience regulatory requirements
  • Proficiency in IT Service Management, Service Continuity domains
  • Experience within a regulated environment such as financial services industry

Conduct

  • Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
  • Consider the implications of actions on colleagues, partners and clients before making decisions and escalate issues to manager when unsure

Specific Qualification:

  • Graduate or post-graduate qualification in ICT domains, risk management or control function
  • Industry-recognized information security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+.
  • 10-15 years or more experience or practical understanding in IT, IT Security or other ICT domains required.
  • Project management skills