Cyber Security Lead- Infosec Services
- Manage and execute on the responsibilities assigned across various topics – such as L2/L3 DLP alert & incident mgmt., access review and approvals, email incidents/requests mgmt., mover/leavers governance and compliance reporting, engagement with communication and other teams to work on training and awareness, governance, and execution.
- End-to End management of Audit as an auditee
- Manage the incidents and requests coming into the shared mailbox and take timely actions as per process
- Vulnerability and patch management
- Establish and tracking governance on the Risk and Compliance aspects.
- Development and publishing of reporting and dashboard which are weekly/monthly based predefined Cyber SEC Aspects to be covered.
- Contribute to the process enhancement and development of various policy procedures for GSCs.
- Review and submit details for various controls, audits, etc. And work with vendors as required on assessment and compliance requirements.
- Collaborate with all other BU/SU, IT depts and support functions as needed to deliver on the key needs of IT/Cyber Security and compliance and other organization goals.
- Process enhancement and automation
- Review IT risk self-assessments and follow -up the implementation of agreed risk remediation plan
- Partner with sr. stakeholders to proactively identify information security risks and assess the adequacy of controls to manage such risks, including recommending enhanced or additional controls
- Proactive in identifying and following up on anomalies / areas of concern
- Independently review, challenge and support information security activities. - Review the analyses carried out by the CISOs on their information security risk profile and the related remediation actions
- In response to material information security events, whether internal or external, conduct independent deep dive review of the preliminary, interim and final incident investigation report and act as a challenge function to such reports
- Support information security reporting and monitoring of metrics and Key Risk Indicators (KRI) at the product line and divisional levels; continuously review existing body of KRI and related reporting
- Participate in the validation of the information security standards and standards applied by the BUs/SUs and the requested exceptions
- Investigate significant incidents due to their nature or financial impact
- Understanding and hand on experience in managing 2-3 cyber sec aspects – such as Application Security, Data Security , monitoring and reporting on IT/Cyber SEC Controls, managing incidents/request related to IT, Network Security, TPRA, Vulnerability and Patch Management.
- Good understanding of CIA triad.
- Fundamental knowledge and experience on IT Infrastructure and Endpoints mgmt.
- 5-7 years on IT delivery experience.
- Technical knowledge and experience managing teams across various domains involved in Workplace, Data center, Networking, Middleware, security, compliance is required.
- Good understanding and delivery based on ITIL framework, Knowledge of security frameworks, certifications and training is a plus.
- Good proven experience in managing end to end delivery of offshored/remote teams is very key. Including experience and exposure of managing and working with cross culture, global teams, and clients.
- Should have basic understanding & experience of key security technologies/security mgmt. areas: Threat Hunting, Malware Forensic Analysis, IPS, EDR, DLP, SIEM, End, network and Infra security, Mobility and Remote mgmt. Vulnerability mgmt. Cloud security, etc. Understanding of various Cyber Threat and Controls and Governance aspect is preferred.
- Must have basic knowledge of security frame works in the industry and best practices – MITRE, OWASP, NIST, ISO 27001, etc.
- High level Expertise in Excel/Word & Power Point and other office/productive tools.
Why join us
“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.
At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious.
Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating and taking action are part of our DNA.
If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.
We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.