Cyber Security Senior Analyst - On Prem Operational security

We are seeking a Senior Cyber Security Analyst to work on the operational security and risk management field in our  traditional infrastructure and applications.   The successful candidate will perform security validation and exceptions, review security incidents, different level of risk assessments, driving security programs and follow the remediation with close Governance as part of identified risks and vulnerabilities  and develop  strategies to optimize security and compliance.

 •            Assess and manage IT risk treatment in all new projects or infrastructure within its scope (integration of security into projects, secure by design processes);

•            Enforce Group policies / standards and/or procedures / good security practices within its department.

•            Perform security validations and exceptions for different need  on day to day basis (AV , Browsing exceptions, RAF, admin rights, firewall flow, secureshare etc.);

•            Lead the resolution of security incidents and contribute to the post-mortem investigation of security incidents.

•            Lead the remediation of critical vulnerabilities in coordination with technical teams, SOC and CERT.

•            Maintain up-to-date IT security risk assessment of products/services/infrastructure within its functional scope and associated benchmarks.

•            Monitor and coordinate for timely closure of audit recommendations (internal / regulators), if necessary, intervene in support of operational teams.

•            Conduct risk assessments and security evaluations

•            Identify and prioritize vulnerabilities, threats, and potential attack vectors.

•            Evaluate security configurations, policies, and procedures.

•            Assess compliance with industry standards and regulatory requirements (e.g., ECB, NIST, SOC 2, PCI-DSS, OWASP)

•            Communicate risk and security recommendations to stakeholders.

•            Communicate regularly on the IT risks of its scope and on the mitigation plans undertaken.

•            Communicate the status of security audits (internal audit / regulators) as well as the plans for dealing with recommendations.

•            Communicate on its activities (definition of relevant KPIs/KRIs) and on security alert points.

•            In the event of detection of a security anomaly on its functional scope, exercise, as soon as possible, a duty of alert vis-à-vis its upper management.

Profile Required: 
- 5+ years of experience in operational security and risk management  or related fields 
- Strong understanding of infrastructure & application security architecture, compliance frameworks, and risk management principles 
- Experience with infrastructure & application security assessments, risk assessments, and security controls implementation 
- Excellent analytical, problem-solving, and communication skills 
- Certifications in information security  fields (e.g.,CRISC, COMPTIA+,  CISSP)

“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.

At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!

Still hesitating?
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.

We are committed to support accelerating our Group’s ESG strategy by implementing ESG principles in all our activities and policies. They are translated in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and in our responsible practices for environment protection.