Cyber Security, Technology Operational Risk Manager

Permanent contract|New York|Risks

  • New York, United States
  • Permanent contract
  • Risks

Responsibilities

The Head of Operational Risk Management Team is looking to hire a forward-thinking Risk Manager with a high level of expertise in Cyber and Technology Risk who will join the Operational Risk organization to manage the 2nd line of defense governance, processes, policies and tools.

This role is responsible for evaluating and providing independent assurance over Cyber and Technology risk, maintaining an active view, and reporting on the actual, mitigated, and residual Cyber, Technology and Data risk in the organization. This role includes, but is not limited to, risk assessments, life-cycle practices, incident assessment and response, and assessing the accuracy, completeness, and sufficiency of the processes, risks and controls and adherence to regulatory expectations. This individual will manage a team of risk specialists.

Coverage areas include:

  • IT Infrastructure support models, data management, capacity management, vendor management, business continuity and disaster recovery, and IT security alignment to IT Risk 
  • The individual will have the communication and relationship skills necessary to actively interact with C-Suite executives, Examiners (FRBNY, NYDFS), and Internal Audit 

Day to day includes, but is not limited to:

  • Assess the accuracy, completeness, and adequacy of the processes, risks and controls supporting SG’s applications, support models, release management, capacity management, oversight and governance
  • Recommend enhancements to technology architectures, processes and controls to improve cyber and technology risk management capabilities for high-risk processes, regulatory reporting and risk oversight
  • Identify legal, regulatory, and organizational policies and standards related to IT management systems to determine their potential impact on the business objectives
  • Expand operational risk processes and data collection tools to track, report and assess operational risks and issues
  • Review operational risk events and IT Incidents and perform a review and challenge on the adequacy of the remediation proposed by the 1st line of defense 
  • Participate in the cyber and technology incident response and escalation processes  
  • Develop Cyber and IT risk scenarios for stress testing and capital planning activities

Profile required

The Risk Management Department contributes to the sustainable growth of the Societe Generale group through its expertise, understanding of risks, and risk management techniques. The department's mission is to independently analyze, challenge and monitor risk-taking activities with the objective of achieving, together with the first line of defense, the best possible outcome for the bank. The department oversees the enterprise, strategic, credit, market, liquidity, operational, model, and other risks of the corporate and investment banking business activities.

Must Have:

  • Previous work within Risk Management, Cyber Security and Technology
  • Bachelor's and/or Master's degree in Computer Science, Engineering or relevant technical field
  • Understanding of financial services specifically within risk and regulatory domains
  • Strong foundation in information technology and information security principles
  • Requires broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure
  • Experience in assessing design and operating effectiveness of technology controls
  • Data architectures including reference/master data, transactions/messaging, and unstructured content
  • Operational risk framework components including risk event collection, RCSA, process/risk/controls, Issues Management, Scenario Analysis
  • Experience leveraging IT risk frameworks such as COBIT5, COSO, ISO27001, NIST and/or data management frameworks, e.g., DCAM/CMM-DMM
  • Professional credentials such as CGEIT, CRISC, CISSP, CISM, etc.
  • Expertise in financial regulations
  • Hands-on experience with GRC platforms (e.g., Archer), architectures, and tools
  • Ability to perform root cause analysis and document remediation
  • Strong leadership skills with ability to lead by influence
  • Interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
  • High degree of initiative, dependability, and ability to work with little supervision

Nice to Have:

  • Knowledge of US IT Security regulatory requirements and environment in the financial services industry is a plus (e.g., FFIEC, FINRA rules, SEC, NIST frameworks)
  • French speaking

Business insight

OUR CULTURE: 
At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate.
For more information about our Culture and Conduct initiatives, please visit this link (https://americas.societegenerale.com/en/careers/get-know-culture/)
D&I: 
Our Diversity & Inclusion Mission: Recruit, develop, advance, and retain a diverse workforce that is united in our efforts to enhance our competitive position and deliver innovative solutions to our clients.

Our Diversity & Inclusion Vision: 
  • Engaged workforce that is demographically diverse in a way that reflects the communities in which we operate
  • Inclusive culture and workplace that recognizes employees' unique needs and utilizes their diverse talents
  • Engage our community and marketplace, and position the organization to meet the needs of all its clients

For more information about our D&I initiatives, please visit this link (https://americas.societegenerale.com/en/societe-generale-about/diversity-and-inclusion/)

HYBRID WORK ENVIRONMENT:
Societe Generale offers a hybrid work arrangement that gives employees the flexibility to work remotely, as well as on-site, in order to promote interaction and collaboration with colleagues while adhering to all SG standard protocols. Hybrid work arrangements vary based on business area. The applicable business lines will determine and communicate the work arrangements that best meet their business needs.

COMPENSATION & SALARY RANGE:

Base salary range does not include overtime pay, bonus and/or other benefits, where applicable. Actual base salary offer will vary based on skills and experience.

Societe Generale is an equal opportunity employer, and we are proud to make diversity a strength for our company. We are committed to recognizing and promoting the talents and achievements of our employees and staff, regardless of race, religion, color, national origin, sex, disability, age, gender, sexual orientation, and any other characteristic or status protected under applicable law.

Reference: 23000M1X
Entity: SG AMERICAS OPERATIONAL SECURITIES
Starting date: immediate
Publication date: 2023/09/21
Salary or Compensation Range: $163,000 - $290,000