The Firm is looking to hire a Cyber Security Risk Manager that will join the Risk Supervision organization to establish 2nd line-of-defense processes, policies and tools for SG's Cyber Security Risk environment. Cyber Security Risk coverage areas include evaluate overall cyber security risk, provide independent assurance over Cyber Risk, monitor and report on risks and ensure that remediation efforts remediate the risks is adequate.
Day to day responsibilities include but not limited to:
* Build a robust and sustainable Cyber Security Risk program.
* Partner with Chief Information Security Officer (CISO), and IT organizations to establish standards, policies, and develop KRIs and KPIs for measuring and monitoring cyber risks on a continuous basis.
* Provide and perform independent assurance and validation activities over common cybersecurity controls that include both administrative and technical.
* Assess the accuracy, completeness, and sufficiency of the risk management governance framework, processes and methodologies. Identify and define emerging cyber threats and risks to SG's environment
* Perform effective challenge of all critical and highly sensitive processes & controls, and business continuity
* Develop cyber security risk scenarios to identify potential attack vectors and TTP (tactics, techniques and procedures) to guide the continuous improvement of firm's cyber defense posture. Lead and support selected cyber security remediation efforts, involved with strategic planning with 1LOD.
* Solid foundation in information technology and information security principles. Familiar with common cybersecurity frameworks and standards such as NIST SP 800-53, FFIEC CAT, CSC Top 20, COBIT, ISO 27000 series.
* Requires broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure, as well as a solid conceptual knowledge of enterprise IT system operations.
* Ability to analyze root causes of cyber security issues and documenting remediation
* Understanding of financial services specifically within cyber and data privacy related laws, regulations, frameworks and guidelines (NYSDFS - 23NYCRR500, GDPR, GLBA, Regulation S-P, etc.) Interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
* Excellent written and verbal communication skills.
* Professional certifications in information security such as a CISSP, CISM, CRISC.
* High degree of initiative, dependability and ability to work with little supervision.
* Strong leadership skills with ability to lead by influence
* Proficient in common cybersecurity domains: data protection, access control, encryption, identify management, security operations, application security, penetration tests, end-point security, vulnerability management, threat intelligence, risk assessment.
* Proficient in Excel, Word, Access, PowerPoint, Outlook, Sharepoint
* Strong written and verbal communication
Prior Work Experience:
* Previous working experiences in cybersecurity operation and relevant security design knowledge.
* Previous work within Risk and/or Information Security/Cyber Security. Ideally, has worked in a 2 LOD Cyber Security Risk function
* Bachelor and or Master's Degree in Computer Science, Engineering or relevant technical field.
* CISSP, CISM, or CISA certifications a strong plus.
* Background in IT Risk Assessment, IT Audit, Information security management.
* Knowledge of US IT Security regulatory requirements and environment in financial services industry a plus (i.e. FFIEC, FIRNA rules, SEC, NIST cybersecurity frameworks).
Employees should understand the institution's approach to risk management and their respective roles in supporting a strong risk culture, as outlined in the SGUS Operations Enterprise Risk Management Framework.
At Société Générale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Société Générale is committed to strengthening bonds with colleagues, communities and the world in which we live, because relationships are at the heart of how we operate.
About Societe Generale
Societe Generale attracts deposits and offers commercial, retail, investment, and private banking services.