ITO Conduct & Control Officer

Employment contract:

Standard / Permanent


Bangkok, Thailand






The ITO Conduct & Control Officer reports to Head of ITO CCCO and responsibilities include the following:

Business Continuity coordination

·         Defining and implementing a BCM Program based upon the BCMS process that is defined by regional team

·         Ensuring performance and oversight of all activities of the local BCM Program

·         Defining the criticality and continuity requirements of applications and analyzing gaps between requirements and capabilities in order to report on risks incurred from IT failures.

·         Providing guidance, assistance, support, advice, training, etc., to users as appropriate for them to undertake their responsibilities.

·         Playing the crisis management role for BNPP Thailand crisis management organization during an incident

·         Reporting key risks identified through the risk assessment and business impact analysis to management as appropriate

·         Providing all necessary information on business continuity and reports required by local regulators and supervisory authorities

·         Ensuring that the implementation of BCM program complies with ISO27001 requirements

·         Working closely with users, local IT team and regional BCM team


Physical Security coordination

·         Coordinating, with the relevant stakeholders, all the physical security topics regarding local assets and activities

·         Organizing the physical security committee at least twice a year

·         Monitoring the physical security activities for all the local BNPP assets in a dashboard that helps management to assess the adequacy of the physical security provisions to the risk

·         Carrying out the country/territory risk assessment rating at minimum every 6 months

·         Validating the risk rating with PSM and PPSM and reporting the result to local steering committee

·         Monitoring the physical security risks and identifying the emerging new risks

·         Conducting regular assessments of the local level of exposure and propose appropriate remediation measures

·         Recording and analysing the physical security incidents and proposing mitigation if necessary

·         Due diligence and safety monitoring and escalation to PSM/PPSM for areas where BNPP assets may be impacted and lead to business or organization disruption.

·         Contributing to the execution of the PPS control plans

·         Implementing all additional security controls required

·         Defining the procedures and guidelines in accordance with the local regulations and the CIB or Group framework.

·         Deploying the policies and defining and setting up local processes, procedures and standards

·         Implementing the physical security provisions

·         Conducting regular robustness tests to ensure operational readiness of the security systems and of the operational teams

·         Monitoring the regulatory requirements changes

·         Conducting security reviews of premises

·         Contributing, when needed, to the security of off-site events organized by BNPP

·         Taking part when necessary in the management of crisis situations

·         Supporting readacross and improvement related requirements organised by the Region PSM and/or Global PSM

·         Conducting security reviews as needed

·         Monitoring the presence BNP Paribas travelers and expatriates and bringing support when needed

·         Ensuring that new expatriates receive a security brief

·         Designing and conducting trainings and awareness communications for BNP Paribas’ staff and other stakeholders

Identity & access management coordination


·         Coordinating all local identity and access management matters:

·         Acting as administrator / access right provisioner for local systems

·         Managing and distributing tokens for local systems

·         Coordinating access rights reconciliations and recertifications as required

·         Local correspondent for MyIAM data: approval and provisioning workflows, delegations, user groups updates, toxic combination and FRC mappings

·         Local correspondent for RefOG data: ad hoc updates of the organization as well as periodic controls

IT Governance


·         Providing support on IT audits, ISO27001 audit, IT security and risk dashboard, IT control plan, IT Due Diligence, IT regulatory reporting, etc.


·         Work on any assignment given by the Head of ITO CCCO



  1. Willingness to learn with ‘can do’ attitude

2.     Good team work, communication and interpersonal skill

  1. Good command both in Thai and English (both written and spoken)

4.     Ability to prioritize tasks

  1. Customer orientation
  2. Knowledge and experience in IT infrastructure, application or related field
  3. Understanding of Information Security and good governance practice

8.     Knowledge in IT security & IT Risk and Control implementation

9.     Awareness in IT related security topic such as Cybersecurity Law, PDPA, etc.

10.   Awareness of ISO27001:2013 information security: An Information Security Management System (ISMS) is an International Standard that specified the requirements for establishing, implementing, maintaining and continually improving this ISMS. It is the responsibility of all the staff of BNP Paribas Bangkok Branch to contribute to this common objective.

11.   Ensure compliance with Bank’s policies/procedures and regulatory requirements, in particular with regard to the KYC/AML/FS responsibilities and duties, as per relevant policies and procedures.

Specific Qualifications Required

  • Experience in business continuity, IT governance, risk management, IT security, IT infrastructure or related field is preferred.
  • Banking experience is preferred