IT Auditor, IG Hub APAC
- Standard / Permanent
- HK-Hong Kong (HK)-Hong Kong
- INTERNAL AUDIT - INSPECTION GENERALE
As the leading European Union bank, and one of the world’s largest financial institutions with an uninterrupted presence in the region since 1860, BNP Paribas offers a wide range of financial services for corporate, institutional and private investors spanning corporate and institutional banking, wealth management, asset management and insurance.
We passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued and encourage applicants of all backgrounds, including diversity of origin, age, gender, sexual orientation, gender identity, religion applicants who may be living with a disability. We have a number of internal employee networks in place to empower our staff to act and challenge the status quo.
• BNP Paribas PRIDE is highly active in favour of the LGBTQIA+ community
• BNP Paribas MixCity which fosters better representation of women at all levels of the organization
• Ability, the mutual aid network for employees with a disability or a disabling or chronic illness
• BNP Paribas CulturAll which celebrates diverse backgrounds
BNP is committed to financing a carbon-neutral economy by 2050. The Group is a founding member of the Net-Zero Banking Alliance and has set up its own Low Carbon Transition Group to support its clients through their energy transitions.
BNPP has won Top employer Europe award in a 10th consecutive year
- To conduct Information Technology and Cybersecurity audit work in accordance with the IG methodology and ensure high standard of deliverables
- To contribute to the Information Communication Technology risk assessment of audit universe establishing a reliable communication channel with the auditees.
- To follow through with auditee on implementation of recommendations
- Participate in the audit team assignments and special reviews (when required by regulators, business lines, or senior management)
- Contribute to the planning and preparation of the assignment e.g. understanding the methodology to be applied, acquiring a deep knowledge of the activities to be covered, understanding the detailed technologies, gathering relevant key figures, etc.
- Develop a thorough understanding of the activities within the scope of the assignment, its strategy and governance, and the related risks.
- Evaluate the overall setup and identify the main areas of risk (including a comprehensive assessment of the management actions).
- Execute detailed investigations leveraging on a strong technical knowledge in various IT systems (Databases, Operating systems Linux/Windows, Cybersecurity/Network security, Virtualization, containerization, Cloud Computing and related risks)
- Leverage on adequate programming languages and scripting to perform efficient investigations by automating analysis.
- Ensure the adequate learning and understanding of the standard IT solutions used in the IT infrastructure and production, Cybersecurity management in order to analyze adequately their configuration and be able to identify and raise potential risks.
- Recommend appropriate actions to the management in order to remediate the identified weaknesses.
- Formalize the results of the assignment investigations and contribute to the production of the assignment deliverables.
- Present the conclusions of the assignment fieldwork to the senior management.
2. Review the implementation of the Inspection Générale recommendations
- Review and challenge the actions defined to remediate the weaknesses identified by the audit team through its assignments.
- Ensure the adequacy of the answers to address permanently the gaps following accurately the recommended actions.
- Perform relevant control testing to ensure the proper implementation of the actions.
3. Contribute to the periodic risk assessment of IT activities and planning
- Perform a periodic and comprehensive risk assessment of the IT activities as per the Group guidelines.
- Keep abreast of change/new development of regulatory requirements that are relevant to IT activities and related functions.
- Assist in the elaboration of the IT audit planning following a risk-based approach.
- Contribute to the improvement of the Inspection Générale practices through the elaboration and update of our methodologies.
Travelling requirement : below 30%
Technical and Behavioral Competencies required
- Strong expertise in Cybersecurity (IT security hands-on experience is a plus)
- Strong technical background in IT activities (including IT production / IT systems expertise)
- Curiosity, rigor, and precision.
- Outstanding analytical skills
- Ability to synthesize
- Excellent writing and presentation skills (in English)
- High level of initiative, commitment, and drive
- Ability to work effectively under pressure and within short deadlines
- Promotes a constructive, cooperative, and participative teamwork environment
Specific Qualifications (if required)
- Possess a Bachelor’s / Master’s Degree in Information Technology/ Management Information System / Computer Science and related discipline;
- Not less than 5 years of experience in external auditing / internal auditing / IT / risk / compliance / internal control / operations in the financial services industry.
- Professional Qualification/Certificate in Audit, e.g. CISA, CISSP, CISM, CCSP is a plus.