Company: Societe Generale
Company Address: 28/F, Three Pacific Place, Hong Kong
Company Website: https://www.societegenerale.com/
Company Background:
SG CIB is the Corporate and Investment Banking arm of the Société Générale Group. Present in over 50 countries across Europe, the Americas and Asia.SG CIB provides corporate, financial institutions, investors and public sector clients with value-added integrated financial solutions. Present in over 50 countries across Europe, the Americas and Asia. Societe Generale provides corporate, financial institutions, investors and public sector clients with value-added integrated financial solutions. The Information Technology Department provides and maintains IT solutions to support the business’s growth. The Finance Risk and Market Data team is a regional team with 80 people based in Hong Kong, covering the Asia Pacific region. The team drives the IT solutions for the Finance department across Asia Pacific, covering specifically Accounting and Regulatory Reporting projects across the locations.
Type of Industry: Banking and Finance
Job Title: Vice President / Information Security Expert
Job Type: Graduate Job
Job Description:
The Data and Cyber Security (DCS) team has the following main responsibilities:
- Identification, reporting and management of Asia cyber risk
- Third party cyber risk assessment and management
- Asia cyber risk awareness campaigns and training
- Advice on cyber security to business service unit (e.g. as part of new projects suggests controls to mitigate risks)
- Cyber incident response (including management of data leakage incidents)
- Management of response on cyber topics to Asia and international regulators
- Response to client due diligence requests on cyber security
Your Responsibilities:
Security Control Review:
- Define scope, roadmap, and testing plan to assess key cybersecurity controls on an ongoing basis
- Perform test of design and effectivenss on key cybersecurity controls
- Work to embed control testing within the organisation with a focus on automation and efficiencies
- Work with various teams to define follow-up actions to remediate control weaknesses identified
- Maintain, review and renew risk acceptances for control risks that cannot be fully mitigated
Project Security Assessments
- Work with relevant teams to perform security assessments, reviewing high and low level architecture designs, and provide recommendations to mitigate identified risks on new projects being rolled-out
- Depending on the nature of the project, security assessments should cover application and data security requirements to ensure compliance with the Bank's internal policies and framework
- Ensure compliance with cybersecurity related regulations that may be relevant to the project
- Perform follow-up on remediation actions that may result from the security assessment
Third Party Risk Assessments
- Perform information security reviews on requests for outsourcing, including review of the vendor's security capability and risk of data leakage
Regulatory Reviews
- Perform reviews to assess the Bank's compliance against cyber regulatory topics across Asia
- Work with Compliance to identify new and arising regulatory requirements with impact to cybersecurity
Participation in committees
- Participate in regional and global governance meetings and normative committees where required
- Provide updates within the team and liaise regularly with other teams in Asia, including application managers, technology, compliance, operational risk managers, risk management and third party management
Job Requirements:
Proficient in performing security architecture and security design reviews
Knowledge of application, system and network auditing
Strong understanding of IT infrastructure and IT applicative framework architectures
Familiarity with cloud computing and container technologies (docker and kubernetes)
Good understanding of application vulnerabilities and common exploits (e.g. OWASP Top 10)
Knowledge of security hardening standard (e.g. Centre for Internet Security benchmarks, NIST)
Experience with security control reviews and audits
Experience in performing third party reviews / assessments
Familiar with cybersecurity regulatory topics in Asia (e.g. HKMA C-RAF, MAS TRM, etc)
Computer programming experience desirable
Excellent English verbal and written communication skills, experience in communicating complex technical topics at senior organizational levels,up to and including MD level
Client oriented mindset, results driven, proactive and quick to react to requests
Innovative and bringing new ideas to improve processes
Bachelor degree in Information Technology or equivalent
Professional qualification such as CISSP, CISM, ITIL
Experienced security professional with 8+ years of relevant experience
HKMA Enhanced Competency Framework (ECF) certification is preferred
BEHAVIORAL SKILLS
Responsibility - Risk awareness: I am constantly on the lookout for risks
Responsibility - Performance: I strive for high performance
Team Spirit - Synergies: I make cooperation with colleagues in and outside my team a priority
Team Spirit - Open mindset: I listen and share my views and my expertise in an open mode
Client - Understanding and Respect: I listen to clients and colleagues in order to understand and anticipate their needs
Client - Risk: I strive to satisfy clients while taking into account risks for the company
Application Details:
Apply directly via our career page: https://careers.societegenerale.com/en/job-offers/vice-president-information-security-expert-23000QOY-en
Application Deadline: 31 May 2024 (Friday)
Date Exhibited: 6 March 2024
More Jobs from Societe Generale.