Chapter Manager - SEC
Responsibilities
Chapter Manager / Chapter Prod - SEC is responsible for organizing and managing crucial production topics such as the Incident Review Board, Change Review Board, Problem Review Board, Capacity Management review, Infra Security review, SEC Production review, etc. The Chapter Prod will also need to make sure that the ITSM processes are communicated to the SEC teams and are being followed well, with good quality.
The position of Chapter PROD SEC includes 6 main functions:
1/ Organize/manage the crucial PROD points:
- IRB SEC meeting (Incident Review Board, weekly): follow-up point on the previous week's incidents (potentially to prepare a PIM)
- CRB SEC meeting (Change Review Board): update on the changes scheduled for 1 week, from Thursday of the coming week to the Wednesday the week after (7 days)
- PRB SEC meeting (Problem Review Board): follow-up point of problems created after repeated incidents identified (action plan follow-up/update of Ptasks etc...)
- Capacity Management SEC: ensure that the ‘Group critical’ and ‘Critical’ infrastructures monitor their capacities well and anticipate variations (CPU, RAM, disks, etc.) as well as major infrastructure developments ahead
- Quarterly Infra SEC review: ensure with OPM/RQD the consistency of SEC solutions in the Securiprod according to the ASA Security sensitivity level (Group critical/Critical). Manage additions/modifications/deletions (decomm) via OPM/RQD tools (go/gis)
- Chapter PRD meeting (all chapter PRODs!): reminder of OPM's expectations, good practices, exchange/share information, propose improvements, report on impacting points, etc...
- SEC Prod review (all SEC/DVF/Exco, SOC, GSCI/GSCRO + SEC/DIR): give visibility (monthly) on Production to SEC/DIR (summary of P1/P2 incidents of the past month, update of indicators (KCI), status of Problems, patching, Securiprod ... + Achievements & Next steps of each SEC sub-entities)
2/ Carry out a regular watch on the best practices of the Production in correlation with OPM in order to follow their evolution, the new standards/norms/processes (to then communicate them)
3/ Regularly remind the teams (SEC Paris, GSC BLR, GSCRO) of the best practices of the Production:
- How to manage INCIDENTS (the right reflexes, communication, crisis management, associated reporting, i.e. Post-Mortem)
- Change management (what type of change to set up according to the needs: emergency, accelerated, standard, normal), how to get approvals + PIR/Post Implementation Review (improve our way of delivering)
- Communication templates depending on the event (Incident or Change/Release)
- Encourage the opening of problems (capitalize on recurring incidents, remediation action plans)
- Vigiprod, Securiprod (the rules to know), AlertCo, TDC/Control towers (the key numbers to know)
4/ Work with the SEC Chapter PRODs of each team (and the Service Managers in particular, for the distribution of tasks) in order to:
- Regularly review repositories: assets (Marley), applications (Kear), Dxportal …
- Assist them with the migration of tools (e.g. Impulse to Unity, ICLT to Dxportal, etc ...)
- Ensure that the Control Towers know their perimeters (up-to-date documentary database in Securiprod if infra Group critical or critical).
- Help them set up Capacity planning (to anticipate incidents: metrics, governance, follow the established process)
- Monitor the volume of their assets (cost reduction objective, process legacy (i.e. IOTA) with decommissioning plan, etc...)
- Ensure that they contribute to the annual [GRT] DR tests or that they set up one-off/Unitary tests (partial DR) at the Securiprod frequency in order to validate with OPM/RQD the resilience of their infrastructures
- Ensure that they follow the rules of patching (SerOm)/hardening, vulnerability treatment, pentests with associated action plans
- Report the points impacting their Production (processes, tools, etc.) and make proposals for remediation and/or optimization. For example: on-call duty, optimal alerting/monitoring, etc.
5/ Incident management in crisis mode: in case of impacting incidents (SEC liability or not, but with impacts on SEC solutions/infrastructure), participate in Control Tower conference calls (+ technical if needed), collect information and give a regular status to SEC, SEC/DVF management and SEC AlertCo (email, Citadel...).
6/ Roles related to the Unity ITSM tool:
a) SEC SPOC role for OPM:
b) Contribute with the POC/(Unity) Process Officers, to the updating or optimization of the Policy and the procedure.
c) Participate in the governance.
d) Locally manage the deployment of the ITIL process with the help of the operational/key users
e) Unity referent for SEC/DVF and SEC/SOC (GSCI and GSCRO included): ensure that the tool is correctly configured (Groups, TOM roles... taking into account all the modifications around SEC solutions) and remains in operational condition for SEC teams
Profile required
- Good knowledge of Infra (Security tools knowledge will be an advantage)
- Have a spirit of synthesis, be organized and rigorous, and have interpersonal skills
- Good knowledge of ITSM processes, tools
- Good level of English (Written & Verbal)
Why join us
“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.
Business insight
At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious.
Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating and taking action are part of our DNA.
If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!
Still hesitating?
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices and sharing their skills with charities. There are many ways to get involved.