Cyber Security GRC Specialist - DFS 500

 Jersey City, United States       Permanent contract        Security

Responsibilities

NYSDFS 500 Cybersecurity Regulation Leadership

  • Act as the lead for all DFS500-related matters to ensure the bank maintains and enhances its level of compliance with DFS500
  • Perform all required activities to ensure that the program is effective
  • Actively maintain the DFS500 methodology and program such as a charter, scope statement, program requirements, periodic review of required controls, annual attestation (including periodic sub-certifications), securing acceptance of deliverables and other evidential documentation as needed
  • Contribute to DFS500 exams as requested by the NYSDFS regulators
  • Collect and automate (whenever possible) DFS500 metrics to demonstrate risk reduction for the bank and to produce reports for multiple audiences such as management (CISO), auditors, technical staff, etc.
  • Act as a subject matter expert and advisor with regard to DFS500 requirements for all stakeholders

FFIEC CAT Leadership

  • Act as the lead to develop and maintain an effective FFIEC CAT framework for the bank
  • Ensure that the FFIEC CAT requirements are mapped to our other core regulations such as DFS500
  • Manage and maintain the FFIEC CAT framework to ensure the applications in scope are validated and the controls are in place and working as they should
  • Develop reports and metrics for multiple audiences

Security GRC Framework Contribution

  • Contribute to the design and deployment of the security GRC framework
  • Coordinate with all team members in the CISO’s organization to contribute to a security GRC framework and provide a “one-stop shop” for core security activities and controls
  • Contribute to security policies, standards, procedures, and guidelines
  • Contribute to the security GRC component of the bank’s GRC portal (Archer) to ensure it is aligned with our security GRC framework
  • Contribute to the security GRC framework to:
    • Ensure controls are in place and working as they should
    • Ensure policies, standards, procedures, and guidelines are updated to reflect changes in the business and IT environment
    • Ensure clients, regulatory, and internal requirements are being met consistently and cost-effectively
    • Automate and streamline all processes related to managing the bank’s security GRC framework
    • Provide multi-level reporting to all stakeholders in the company: Executives, clients, business leads, IT leads, audit and regulatory representatives
    • Build partnerships across the organization in all disciplines: audit, legal, information technology, business operations, sales and marketing, corporate communications, risk management, etc. to ensure the security GRC program is aligned with business objectives and requirements

Documentation, Reporting & Analytics

  • Contribute to the reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to the Director of Security GRC

Profile Required

Knowledge & Experience Required

Education & Certifications

Business Insight

The Cyber Security GRC Manager will lead DFS500-related initiatives and contribute to the Security GRC framework. The position is hands-on and requires strong project management skills and tactical execution. The position requires an in-depth knowledge of the regulations (e.g., FFIEC, FDIC, SEC, DFS500) and best security practices (e.g., NIST, ISO) applicable to the financial industry. It is essential that the candidate be able to demonstrate practical and in-depth knowledge of security GRC practices and processes, including the use of GRC tools such as Archer and reporting tools such as Tableau.


The ideal candidate is proactive and an experienced and proven project manager. Furthermore, the ideal candidate will be a strong collaborator with the Director of Security GRC, all the security team members, and across the organization (regionally in the Americas and globally with our HQ in Paris).

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Job code: 20000154
Business unit: SG AMERICAS OPERATIONAL SECURITIES
Starting date: Immediate
Date of publication: 12/06/2020