• 5+ years of experience conducting investment management / quantitative research activities, 
• English and Mandarin
• Demonstrable experience of quantitative research and investment, and structuring funds/products. Good understanding of various types of quantitative investment and structured solutions such as cross-asset solutions, Factor Investing/ Risk Premia solutions, derivatives, structured notes, etc. in China (and preferrable outside of China), preferably with machine learning investment experience 
• Quantitative academic (MA) background preferably complemented with CFA
• Experience in building and implementing quantitative investment, portfolio construction processes and tools
• SAC and AMAC qualified
• Not currently being banned from entry into securities market 
• Of sound character and good professional ethics

Job Description

Located within the RISK Function of BNP Paribas (“BNPP”), the role of the RISK ORO ICT APAC is to ensure that the operational risk management framework is implemented and operating effectively, and to provide RISK ORM APAC and business senior management with relevant, synthetic, transparent, exhaustive and consistent information and a front-to-back view of operational risk across ICT APAC activities. To achieve this objective, this 2nd line of defense (“LOD2”) role works closely with other RISK ORM regional teams and within this context, the RISK ORO ICT APAC is member of the RISK ORM ICT APAC reports functionally to the Head of RISK ORM ICT APAC.

Direct Responsibilities

Responsible for implementing regional risk management programs in global organization, with robust knowledge of technology, risks, architectures, and related tools. Prior ICT risk experience (IT, Cyber, Vendor…etc.) & exposure to the Financial Services industry is a must. Experience with GRC tools and other risk management information systems is preferred.  

Individual will develop and communicate the risk assessment engagement models to ensure that ICT risk considerations are accounted for in all the bank’s operations.

Negotiation and Conflict Management skills an absolute must. Bank is undergoing a significant tech and ops reorg/transformation including outsourcing functions, streamlining, and refactoring applications. Will lead this effort from an independent risk assessment of these projects and will present findings to management. Excellent presentation & executive presence skills necessary. Experience interacting with regulatory agencies is required.

Governance and Oversight: 

•    Implement IT & Cyber Risk Management Program for the bank within the three lines of defense model in alignment with the Group Risk Management Framework.

•    Drive effective implementation and communication of Operational risk management (ICT) policies and guidelines. 

•    Provide support and oversight with respect to management of security and technology risks of core systems and applications. 

•    Oversee the Operational risk management activities and ensure practices are consistent with regulatory expectations and industry sound practices. 

•    Provide IT & Cyber risk management consulting to the business, technical and operations groups. 

•    Pro-active involvement in IT and Operations Transformation projects including the review of major outsourcing partners. 

Risk Management Environment:

•    Identification & assessment: Ensure that the identification and assessment of operational risks are effectively done across the organization by correlating input from Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, and Quantified Measurement & Comparative Analysis.

•   Monitoring & Reporting: Implement a process to regularly monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines. Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices.

•   Control & Mitigation improve the effectiveness of the Internal Controls program by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Assess operational risk response strategies. Validate risk transfer options. Ensure all Permanent Control Actions and audit recommendations are resolved within the specific timeline.

 Operational Resilience:

•   Support the Group and APAC management in the oversight and driving of APAC Operational Resilience program to ensure the ability of the bank to operate on an ongoing basis and limit the losses in the event of severe business disruption.

Risk Disclosure:

•    Provide updates on regulatory disclosure while complying with external and regulatory communications standards and disclosing the operational risk management (ICT) framework of the bank in a manner that complies with the formal disclosure policy approved by the board of directors.

Job Requirements

The successful candidate will have a proven track record in managing risk and technology in large/global organizations with robust knowledge of technology, risks and controls, IT and security architecture, operational resilience, and third party technology risk management. Prior ICT risk experience (IT, DR/BCM, Cyber security, Third Party, etc.) and exposure to Financial Services industry is a requirement. Experience with risk management tools and information systems is beneficial. 

Technical Skills

• Experience in business process re-engineering, experience with functional and enterprise technical architecture, good understanding of large-scale technology infrastructure.

• Understanding of emerging technologies e.g. IoT, Cloud, etc.

• Understanding of ISO 2700X series of standards and guidelines

• Significant experience in the field of Technology Risk Management, Operational Resilience, Cyber, Information Security and Crisis Management.

• Strong Risk mindset with understanding of applicable Technology Risk and Resilience regulatory requirements

• Proficiency in IT Service Management, Service Continuity domains

• Experience within a regulated environment such as financial services industry

Conduct

• Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks

• Consider the implications of actions on colleagues, partners and clients before making decisions and escalate issues to manager when unsure

Experience and  Qualifications required

• Graduate or post-graduate qualification in ICT domains, risk management or control function

• 10 years or more experience or practical understanding in IT, IT Security or other ICT domains required.

• Project management skills

Direct Responsibilities

• Direct contribution to BNPP operational permanent control framework.
• Contribute to the implementation of operational permanent control policies and procedures in day-to-day business activities, such as Control Plan.
• Comply with regulatory requirements and internal guidelines.
• Contribute to the reporting of all incidents according to the Incident Management System
• Ensure audit recommendations are resolved within the specific timeline.

Business Responsibilities

• Responsible for the submission all regulatory reports, data, announcements, and information disclosure of the asset management business of securities companies (CSRC, PBoC, AMAC, and SAC); complete the submission and information disclosure of regular regulatory reports and temporary regulatory reports in a timely and accurately.
• Responsible for compiling the process manual of asset management business information disclosure business and improving the design of information disclosure process.
• Responsible for account setting, OTC transaction confirmation, capital settlement and other business operations of the investment trading system.
• Responsible for the daily EOD settlement of investment trading system and other business operations of the investment trading system.
• Responsible for the account management of the fundraising and TA settlement account and the custody account, including but not limited to account opening, authorization, fund transfer, reconciliation, de-register, etc.
• Responsible for reviewing the data of TA/FA business results and daily business management.
• Responsible for reviewing the terms of operation such as asset management plan contracts, business agreements, and operating memo.
• Closely follow the relevant laws, regulations and regulatory policies of the asset management business, and conduct research on regulatory information disclosure.
• Cooperate with IT to complete the OPS business system requirements or system upgrade testing.
• Complete other tasks assigned by the OPS head.
• For all staff other than managers (permanent control aspects):

• Direct contribution to BNPP operational permanent control framework.
• Contribute to the implementation of operational permanent control policies and procedures in day-to-day business activities, such as Control Plan.
• Comply with regulatory requirements and internal guidelines.
• Contribute to the reporting of all incidents according to the Incident Management System.
• Ensure audit recommendations are resolved within the specific timeline.
• Ensure compliance with Company’s policies/procedures and regulatory requirements, in particular with regards to the KYC responsibilities and duties, as per relevant policies and procedures, and the summary of responsibilities list attached hereto.

Technical & Behavioral Competencies

Responsibilities

Key Internal / External Relationships

Technical & Behavioral Competencies