Cyber Security Manager - IT Risk and Security Operations Manager (OSM GCR)
Responsibilities
Job Summary:
We are seeking an experienced IT Infrastructure Risk Officer and Security Operations Manager to join our team. In this role, you will be responsible for implementing and overseeing controls related to information system security (ISS) within our company's functional scope. You will ensure compliance with Group policies and security standards, perform security assessments, contribute to security audits, and communicate effectively with various stakeholders. Additionally, you will play a vital role in developing and maintaining the IT skills of our employees, participating in ISS events, and actively contributing to the overall IT function and security community within our organization.
Responsibilities:
- Manage IT risk and IT compliance:
o Contribute to the drafting of Group policies / standards on the ISS in relation to its functional scope; if necessary, define and maintain up-to-date local procedures / best practices to meet the specificities of its department;
o Participate in the definition of the strategy and roadmap of the ISS for its functional scope, in collaboration with the RSSI GTS and the ISS function;
o Define and validate the roadmaps for implementing IT risk treatment plans (application of standards, implementation of controls, etc.), ensuring that the relevant teams obtain funding and commitment;
o Contribute to the updating of permanent control policies (update of the library of normative controls, etc.).
- Plan:
o Contribute to Security Projects initiated directly by and for its reporting department;
o Support the deployment of security projects initiated by the Group and/or GTS within its operating scope as a relay and participate in the governance of these projects;
o In general, act as a security expert to advise on projects deployed within its projected department;
o Assess and manage IT risk treatment in all new projects or infrastructure within its scope (integration of security into projects, security by design processes);
o Enforce Group policies / standards and/or procedures / good security practices within its projected department;
o Validate and monitor exceptions, RAF, etc.;
o Lead the resolution of security incidents and contribute to the post-mortem investigation of security incidents;
o Lead the remediation of critical vulnerabilities in coordination with technical teams, SOC and CERT;
o Maintain an up-to-date IT security risk assessment of products/services/infrastructure within its functional scope;
o Monitor and coordinate the timely closure of audit recommendations (internal / regulators), where appropriate intervene in support of operational teams.
- Controls:
o Rely on the controls team for the implementation of controls relating to the ISS within its functional scope (operational controls, managerial controls, mitigant risk description, NIST, etc.) and follow the associated remediation plans;
o Perform regular security assessments of the most critical infrastructure in accordance with Group policies and security standards (pentest, review of high-privilege accounts, hardening, USF, etc.), and produce the resulting analysis reports;
o Contribute to security audits (internal audit / regulators) within its scope.
- Communicate:
o Communicate regularly on the IT risks of its scope and on the mitigation plans;
o Communicate the status of security audits (internal audit / regulators) as well as the plans for dealing with recommendations;
o Communicate on its activities (definition of relevant KPIs/KRIs) and on security alert points;
o In the event of the detection of a security anomaly on its functional scope, exercise a duty of alert as soon as possible vis-à-vis the RSSI GTS and its hierarchy;
o Raise to its projected department any changes in Group policies / standards or decisions by the ISS function in relation to the activities of its functional scope.
Profile required
Qualifications:
1. Bachelor's degree in computer science, information technology, or a related field. Relevant certifications (e.g., CISSP, CISM, CRISC) are preferred.
2. Proven experience in information system security management, risk assessment, and security operations.
3. Strong knowledge of security controls, regulatory requirements, and industry best practices.
4. Familiarity with NIST standards or equivalent and penetration testing tools.
5. Excellent communication skills, including the ability to communicate complex security concepts to both technical and non-technical stakeholders.
6. Strong analytical and problem-solving abilities.
7. Proactive approach to identifying and mitigating security risks.
8. Ability to work collaboratively in a team environment and contribute to a positive work culture.
9. Strong organizational and project management skills, with the ability to prioritize and multitask effectively.
10. Up-to-date knowledge of emerging security threats and trends.
Why join us
“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.
Business insight
At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!
Still hesitating?
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices and sharing their skills with charities. There are many ways to get involved.
We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.