Societe Generale - Chief Information Security Officer

Consulting and Advisory :

- Provides Information security requirements to business and senior management to identify Information Security (IS) related risks and controls and ensure alignment of IS processes and solutions to main business objectives and strategy.

- Designs information security architecture, policies, standards and procedures; ensures architecture meets industry best practices based and organizational needs as well as SG global security policies and oversees locally implementation of global IT security projects.

Governance, Risk management for and fraud prevention :

- Develop, implement and monitor a strategic, comprehensive enterprise information security and data risk management program to properly protect confidential, private, and sensitive information owned, controlled, or processed by the SG GSC and will facilitate information security governance through the existing governance committees.

- Will coordinate efforts across the SG GSC, including Internal Audit,Sourcing, Human Resources, Information Technology, General Admin, and other groups to identify and promote key security initiatives and will develop and maintain an effective information technology security program including development and implementation of security standards, policies and procedures, awareness and training plan, and overall information security infrastructure. And constantly update the Security strategy to leverage new technology and threat information

- Will lead the investigation and remediation of security breaches (Information Security Incident Response Team), initiate appropriate action to protect information assets, and assist with disciplinary and legal matters associated with such breaches.

- Oversees and manages portfolio of Information Security exceptions and risk acceptance to ensure these are current, accurate and are supported by sound resolution plans.

- Ensures compliance to security standards and policies specific to the local organization, consistent with global Information security policies.

- Builds and manages a global and distributed information security network at various levels of the organization.

- Develop & Propose Information Security Objectives, IT Security Risks and mitigation actions including Security Improvement & transformation initiatives.

- Develop & propose budget and other required resources for protecting the information.

- Advise on the creation and management of information security and risk management awareness training programs for all employees, and approved system users and will ensure compliance with local and global laws, standards, and regulations

- Perform reviewing contracts, proposals, and deliverables for appropriate levels of security, proper use of encryption, and adherence to institutional security policies and industry best practices;