Cyber Security Manager (NIST Controls)
Responsibilities
1. JOB PURPOSE
To lead the team of security analyst responsible for running the cyber security controls and develop NIST CoE for running the control.
RESPONSIBILIES
· The Cyber Security delivery manager aims to lead a team of security analyst responsible towards designing and running the security controls (NIST).
· Implements security controls, risk assessment framework, and program that aligns to regulatory requirements, ensuring documented and sustainable compliance that aligns Organization objectives.
· Ability to identify, propose, design and run the operational and security Risk Controls
· Create design documents for control Build and define success criteria for POC demonstration.
· Evaluates risks and develops security standards, procedures, and controls to manage risks.
· Identify data model (attribute/fields) from security logs to perform audit and checks.
· Device efficient process to enforce security controls
· Effective communication with the stakeholders’ project team, security SPOCs and other cross functional teams.
· Ability to assess/improve the maturity level of existing/new controls thus improving the control efficiency, effectiveness, and scope.
· Train, guide, and act as a resource on security assessment functions to the team.
· Recommend technical and strategic directions for security program and operate with a high degree of independence in matters relating to the decisions regarding risk, and measures for control remediation.
· Operate with a high degree of independence with regard to project management activities, including development of project plans and cost benefit analysis for controls.
- Good reporting / communication skills and ability to convey technical or complex security topics to management is simple and effective manner. Experience on designing reports using tools like Power BI or Tableau or Pandas/Xlwings/Plotydash is added advantage.
Profile required
- Cybersecurity:
o Risk analysis & assessment: Expert
o Security audit and framework (ISO 27001, NIST, PCI-DSS): Intermediate to Expert
- System and OS administration & hardening
o Application Security: Intermediate to Expert
o Linux/windows administration: Intermediate
o Linux/windows security and hardening: Intermediate to Expert
o Vulnerability management standards: Standard
o Privileged access management : Intermediate to Expert
- Experience and other skills
o Strong delivery background for both onshore and offshore activities
o Experience in managing team and ensuring delivery excellence.
o Experience working with global client is a must.
o Practical understanding of agile or agile @ scale functions and its practical implementations.
o Good Communication skills
Why join us
“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified
applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or
expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.
Business insight
At Société Générale, we are convinced that people are drivers of change, and that the world of
tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious.
Whether you’re joining us for a period of months, years or your entire career, together we can have
a positive impact on the future. Creating, daring, innovating and taking action are part of our DNA.
If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a
daily basis and develop or strengthen your expertise, you will feel right at home with us!
Still hesitating?
You should know that our employees can dedicate several days per year to solidarity actions during
their working hours, including sponsoring people struggling with their orientation or professional
integration, participating in the financial education of young apprentices and sharing their skills with
charities. There are many ways to get involved
We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.