People join for the impact they can have on us. They stay for the impact we have on them. A flatter structure offers visibility and exposure beyond that of our competitors, so you know our names, and we know yours. It's personable, human, and inspires success through passion. By encouraging open-mindedness and a willingness to share ideas, we have adapted to market changes and thrived through innovation. Bringing words like “hard work” and “dedication” together with “community” and “respect” has enabled us to work collaboratively and build our future together. We call this Team Spirit and it's what makes us different. It's what makes you different.
Description of the Business Line or Department
Reporting to the Head of GBS Service Unit, ROCS is responsible for controlling and steering the risks that fall under GBS' remit. In addition, ROCS is in charge of production and coordination services.
Its responsibilities cover:
- The operational risk management for GBS and part of DFIN (OSM);
- The management of cyber security and cybersecurity frameworks for Wholesale banking perimeter (DCS);
- The crisis and business continuity coordination for Wholesale banking perimeter (BCM);
- The framework of operational risks processes for Wholesale banking perimeter (RMF);
- The implementation of solutions to comply with regulatory requirements, the production of regulatory reporting and the provision of a regulatory expertise service (REG);
- The reconciliation processes (QTY);
- The data quality for Gold/TPS (supervised by the head of ROCS/REG);
- The oversight of outsourced and off-shored services (OVS).
From a governance perspective, ROCS is functionally under the responsibility of the Cyber security (RESG/TPS) Group Filière (for DCS activities).
Summary of the key purposes of the role
At Société Générale, you will be joining Global Banking & Investors Solutions (GBIS), our business that brings together Corporate and Investment Banking activities, Private Banking activities, and Asset Management and Investor Services. You will support the Operational Risk and Permanent Control department at GBIS, as they offer solutions (tools and processes) and investigate risks related to fraud, data security and business continuity.
Summary of responsibilities
Your main responsibilities will be:
1) Manage security incidents and investigations:
- Ensure all security incidents are managed properly and in a timely manner, and investigated based on incident severity/type
- Identify and push opportunities to enhance the control framework from the outcome of the various incidents managed
- Deploy new controls managed by the Security Operations Center (SOC)
2) Coordinate application security:
- Review and adapt the application security strategy
- Oversee the execution of the process to regularly reassess the criticality of GBIS applications
- Ensure critical applications are compliant with cyber security policies
- Oversee the execution of the penetration testing exercises on critical applications and follow up on the correction of detected vulnerabilities
- Pilot and deploy application security initiatives in the regional locations
3) Follow infrastructure security:
- Lead a bi-weekly meeting with the infrastructure security team
- Follow the main infrastructure security projects impacting the UK
4) Manage the deployment and run of Cyber Security controls:
- Follow up and ensure escalation of unresolved control anomalies
- Address any improvements in operational effectiveness arising from Audit or other recommendations
5) Perform security awareness related tasks for staff:
- Develop and update Cyber security awareness material
- Deliver security awareness sessions
6) Contribute to the offshoring of DCS production tasks, and identify and implement other efficiency initiatives within the DCS team
Level of Autonomy and Authority
You will work under the CISO's responsibility and may act on his behalf on a specific perimeter.
You will be part of a team while carrying out different missions on your own. You will be responsible for reporting to the CISO any deviation from the security policies that you observe.
- Graduate of an engineering school, business school or university, with a master's degree in Information Technology.
- Cyber security certifications (e.g. CISSP) would be a plus.
- Minimum of 4 years broad IT experience, at least 2 of which have been in a security role
- IT Security experience within Financial Services is essential
- Practical experience with Linux-based Cyber security practices, infrastructure and tools
- Proficient in Microsoft Office/Excel/VBA
- Analytical and strong technical knowledge
- Aptitude for learning new technologies
- Self-learning and training to ensure skills and knowledge are in line with responsibilities
- Good team player with strong interpersonal and communication skills
- Openly share your knowledge with the team
- Fluent in English, fluent in French would be a plus