Senior Information Security Engineer Société Générale
New York, NY

Job Description

Environment

The Regulatory Oversight and Cyber Security group (ROCS) is responsible for the identification, assessment, monitoring, remediation and reporting of operational risks within the Global Banking Investor Solutions division(GBIS). The Data & Cyber Security group is responsible for management of Information Security and Cyber Security frameworks for the entire perimeter.

The Senior Security Engineer provides security technical expertise and guidance to the various teams responsible for the deployment and management of the bank's infrastructure and network programs.

More specifically, the ideal candidate works side by side with technical and project teams to ensure that security best practices and required controls are in place throughout the bank's infrastructure and network. It is essential that the candidate be able to demonstrate practical and in-depth knowledge of security engineering practices and processes including the use of various security tools such as IDS/IPS, AV, IAM, Firewalls, Endpoint, etc. It is preferred that the candidate possess a solid knowledge of the regulations (e.g., FFIEC, FDIC, SEC, DFS500) and best security practices (e.g., NIST, ISO) applicable to the financial industry.

The ideal candidate is an excellent communicator, able to translate technical language into business and risk language. Collaboration is key as the position requires working across multiple teams inside and outside of the CISO organization (regionally in the Americas and globally).

Mission

Day-to-Day Responsibilities:

* Working with the technical teams, test, select, architect, and deploy security technical solutions and processes for the bank's infrastructure and network
* Once engineering work is completed on projects and tool deployment, develop on-going and sustainable documentation to support all new tools, processes, etc.
* Support continuous monitoring activities such as vulnerability scanning in collaboration with the VM team
* Offer consultation to the CISO and the security incident task force once a security incident/breach has occurred
* Participate in "routing meetings" to ensure data security and protection controls are embedded in new applications/systems before going into production
* Collaborate with the Application Security Engineer and their team on projects as needed
* Provide support in all aspects of security engineering, security tools and processes during audit and regulatory exams
* Collect and automate (whenever possible) security metrics to demonstrate risk reduction for the bank and to produce reports for multiple audiences such as executive management (board of directors, e.g.), auditors, technical staff, etc.
* Contribute to the global strategy and roadmap to ensure security activities are effectively reducing the bank's risk exposure due to confidentiality/integrity issues, data leakages/thefts, unsecure systems, and other threats/risks
* Contribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to the CISO and other key stakeholders throughout the bank
* Manage any security business practice irregularities, violations and infractions including exceptions, risk memos, security position memos
* Prepare annual detailed plans for security reviews/audits and any other compliance tasks required internally or externally (e.g., firewall rule reviews)
* Act as a subject matter expert and advisor with regards to security engineering requirements for all stakeholders

Profile

Technical Skills:

* Strong knowledge of operating systems, relational database architecture, client/server technology, wide and local area networks, communications protocols, real-time systems, mission-critical systems, and various types of computer equipment, operating systems, etc.
* In-depth and hands-on experience with network security solutions such as Firewalls, IPS/IDS, Web Application Firewalls, Network Monitoring systems, VPN, etc
* Extensive training in engineering disciplines including systems programming, systems design, computer technology, and software disciplines

Competencies:

* Operations management, project management, and system implementation management skills
* Ability to influence the IT organization in integrating security measures and tools in their systems

Qualifications:

* Strong analytical skills, problem solving skills and project management skills

Experience Needed:

* 5-7 years' work experience in network support, programming or operations required
* 3-5 years' hands-on work experience in various security domains including security technologies
* Past experience managing small to mid-sized teams

Educational Requirements:

* Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MIS required
* Certified training in security management, risk and compliance solutions and practices. CISSP, CISA, CISM, GSEC, CRISC, or related certification(s) required