Tony Wu

GRC Cybersecurity Consultant

€650/day
Paris, FR
3-7 years

Average response time: 1 hour

About Tony

With 5 years of experience in demanding banking environments, I secure your assets through rigorous risk analysis and effective remediation plans. As a GRC specialist, I master alignment with ISO 27001 standards to durably strengthen your control framework and governance.
  • English

    Native or bilingual

  • Chinese

    Native or bilingual

  • French

    Native or bilingual

Can work on-site
Paris (up to 50km)

Experience

  • BNP Paribas
    Internal Control Coordinator
    BANKING AND INSURANCE
    June 2024 - Today (2 years)
    Montreuil, France
    Support to Cybersecurity & Digital Fraud (CDF) within the framework of internal control campaigns.
    Objective: Support and preparation of control campaigns for the various ITG (IT Group) departments. Processing of control results for presentation in committees to get an overview of the company's regularity.
    Team of 8 people.
    Internal control of IT security compliance for the internal perimeter of BNP and third-party applications (e.g., CHAPS & TARGET2 – Bank of England & Bank of France).
    Preparation of the applicability matrix: analysis of controls and entities to create delegations between departments to facilitate control execution.
    Analysis and monitoring of control execution, campaign results, and implementation of remediation plans to present KPIs in committees.
    Implementation and facilitation of support meetings with the various departments (difficulty in executing controls or discussion with ITRO/CISO on the relevance of the applicability matrix).
    Operational application of the ISO27001 standard and ABE.
    Centralization and archiving of various departmental requests.
    Facilitation of meetings with LOD2 and departments to discuss the relevance of control results.
    Internal Control Meeting Facilitation GRC
  • Groupe BPCE
    Risk Management Analyst
    BANKING AND INSURANCE
    November 2022 - February 2024 (1 year and 3 months)
    Charenton-le-Pont, France
    Support to the Group Security Department (DSG) within the framework of the Pléiade program: Merger of BPCE-IT and Natixis infrastructures & teams (since January 2021).
    Objective: Centralize and map risks related to vulnerabilities.
    Support for Security Integration in Projects for the BPCE-IT and SPB (Security of People and Assets) perimeter.
    Risk Assessment with application stakeholders at BPCE to evaluate Business Impacts and define MOE/MOA.
    Management of Penetration and Vulnerability Tests: Review and analysis of reports. Presentation of recommendations. Implementation and monitoring of remediation.
    Facilitation of weekly meetings between business teams and the IT department.
    Contribution to the development of the TOP TRM 2024 application list.
    Review of scales according to DICP of vulnerability scans.
    Centralization of vulnerabilities/recommendations/security requirements in the Drive tool.
    Remediation Plan Risk and Vulnerability Assessment Risk Analysis Security Integration in Projects Risk Management
  • BNP Paribas Partners for Innovation
    Internal Control GRC
    BANKING AND INSURANCE
    September 2020 - September 2022 (2 years)
    93100 Montreuil, France
    Contribution to the annual/quarterly reports of BP2I internal audit, presented in committees to provide an overview of the company's regularity towards the law.
    Internal control of IT security compliance for the internal perimeter of BNP and third-party applications (e.g., CHAPS & TARGET2 – Bank of England & Bank of France).
    Analysis, prioritization, documentation, and monitoring of non-conformities following performed controls.
    Annual review of Risk Letters with architects and managers for monitoring, updating, and re-evaluating previously identified risks.
    Operational application of the ISO27001 standard and ABE.
    Drafting of procedures and technical documentation.
    Creation of a data centralization file for methodology documentation / contacts / processes.
    Facilitation of documentation reviews focused on risks.
    Creation of detailed risk reports for management committees.
    Internal Control Risk Analysis

Education

  • Engineering Degree in Networks & Security through apprenticeship
    EFREI
    2022
  • General Computer Science Bachelor's Degree
    Conservatoire National des Arts et Métiers France
    2019

Certifications

  • ISO 27001 Lead Implementer
    LSTI
    2023
  • ISO 27005 Risk Manager
    LSTI
    2024