Societe Generale - Risk Information Security Role

- Assist the Information Security Manager in defining and maintaining SG GSC's Information Security program.

- Ensure that InfoSec processes, procedures and controls are well formalized & documented, up-to-date, and properly executed.

- Maintain and supervise Information Security practices across all SG GSC BL's.

- Ensure compliance to the defined Information Security policy & procedures across the organization.

- Perform risk assessment for new initiatives and existing projects (infrastructure /applications).

- Collaborate with business stakeholders, technical teams & vendor(s) for deployment of any new technology (tools, applications etc).

- Aggregate all Information Security risks across business lines, paying particular attention to IT risks e.g. security, outsourcing, external provider, resources, system interruption, business activities, etc.

- Perform execution of various Information Security controls & BAU activities.

- Analyze and validate policy exception requests from the business.

- Perform investigation, remediation and reporting on all information security incidents and exposures.

- Ensure appropriate controls and KRIs in place for infrastructure & application security - perform periodic reporting & ensure compliance.

- Preparing InfoSec /Risk dashboards and providing inputs for governance meetings.

- Participate in the information security operational meetings with global counterparts.

- Conduct awareness programs on various Information security topics (delivering induction sessions, awareness communications, end-user trainings etc).

Technical :

Excellent knowledge & relevant experience in security domains /technologies related to :

- Infrastructure security

- Identity and Access Management

- Application security & project risk assessment

- Data Leakage Prevention

- End Point Protection

- Web filtering technologies, Proxies and firewalls.

- VA /PT, SIEM etc.

- Cloud security

- Intermediate understanding of Networking Concepts / Solutions & Active Directory.

- Intermediate understanding of security of web-based services/ applications.

- Intermediate understanding of security aspects related to Cloud Computing & migrations.

- Experience of working with new /disruptive technologies, handling APTs would be useful.

- Excellent knowledge of MS Office tools (Excel, Word & Power-point etc).

- Previous work experience in managing Information Security in Banking and Financial services domain would be advantageous

Functional :

- Assist with the development and implementation of IT security procedures and guidelines

- Maintain and document security control procedures

- Developing procedures, methods, reports, and scripts to facilitate the monitoring and measurement of enterprise-wide IT security solutions

- Pro-active follow up on potential security risks and incidents

- Creating event log dashboards, reports and alerts

- Management and monitoring of security infrastructure

- Detect and report flaws within existing security solutions

- Risk assessment & IS governance skills

- Capability to anticipate and communicate about the new risks (internal or external) and to propose relevant action plans

- Be highly autonomous in the execution of his/her assigned duties

- Good communication & presentation skills; ability to liaise with middle & senior management.

- Highly motivated and ability to work within a team.

- Ability to work in a constantly changing environment and manage priorities and schedules

- Ability to work in a position that has accountability with minimal authority over stakeholders

- Ability to collaborate with multiple teams, internal and external stakeholders.