India Chief Information Security Officer (CISO) and Asiapac Incident Response Officer, SG Securities India (Mumbai)

Permanent contract|Mumbai|Innovation / Project / Organization

India Chief Information Security Officer (CISO) and Asiapac Incident Response Officer, SG Securities India (Mumbai)

  • Mumbai, India
  • Permanent contract
  • Innovation / Project / Organization


Job Summary:
The country Chief Information Security Officer (CISO) in India is responsible to coordinate locally on the application of group cyber security policies and standards in line with local regulation with the ultimate goal of protecting business functions, systems and data. The CISO is responsible for implementing, enhancing and overseeing the information security framework locally with strong synchronization with regional Cybersecurity experts and functional reporting to regional CISO. The CISO will be directly responsible for cybersecurity for India Securities, and provide support as needed for Group entities. 
In addition, the country CISO will have responsibilities over the management of Incident Response and Threat intelligence for the ASIA region.

Main Responsibilities (CISO India): - 
- Lead internal response on Cybersecurity towards regulatory requests, RISQ / audit /inspection or regular submissions ensuring timely and accurate reporting and communication
- Monitor and ensure compliance (coordinate gap analysis and follow-up remediation plans) against local regulations, global policies, and standards related to Cybersecurity
- Responsible for the local implementation of the regional Cybersecurity remediation program aiming to reinforce prevention, protection, detection and response capabilities
- Support local Business Units and Service Units in their transformation providing adequate guidance on Cybersecurity subjects in liason with regional Cybersecurity experts
- Work with all the local Business Units and Service Units to determine possible cyber risks and relevant mitigations
- Evaluate and manage local security exceptions in alignment with global standards and regulatory expectations
- Be a subject matter expert on subjects alike Cybersecurity regulations, Identity and Access Management, Application Security, Third Party Security, Cloud security, Data protection
- Deliver relevant awareness and training adapted to the current threat landscape
- Maintain and continuously improve the bank's cyber defense capabilities through operational monitoring of anomalies, and review of internal and external incidents and near misses
- Definition and implementation of the local Cybersecurity governance in alignment with local regulation, global and regional standards and practices
- Ensure scheduling of Penetration Test / Vulnerability Scans and remediation of vulnerabilities in alignment with local regulatory expectations and global standard
- Ensure alignment with regional CISO on Cybersecurity strategy, objectives and initiatives including interactions with regulators

Main Responsibilities (Incident and Threat Intelligence): -
- Develop, implement and maintain the regional cyber incident response plans, procedures and related documentation in alignment with global standards
- Develop and maintain a relationship with the threat intelligence community in Asia financial services, including regulators, industry peers, law enforcement agencies, and other relevant stakeholders
- Collect, analyse, and disseminate threat intelligence from various sources, such as open source, commercial, and internal data, to identify and assess cyber threat and risks affecting our organisation and customers in the Asia region
- Provide timely and actionable intelligence to SG CERT and the regional CISO, as well as other relevant teams and stakeholders, to enable informed decision-making and proactive security measures
- Use treat intelligence to streamline playbooks and incident response standard operative procedures, and to enhance the detection, prevention, and mitigation of cyberattacks
- Conduct research and producing reports, briefing and presentation on cyber threat trends, actors, tactics, techniques, and procedures (TTPs)
- Conduct regular reviews and audits of the cyber incident response process, identifying gaps and areas of improvement
- Plan, execute and support desk based testing scenarios to simulate cyber incidents and test the effectiveness of the response plan and procedures
- Support risk assessment and architecture reviews by conducting threat analysis and modelling, identifying potential attack vectors and mitigation strategies
- Respond to and manage cyber incidents and crises, in coordination with central threat intelligence and cyber incident response functions, involving internal and external stakeholders as appropriate
- Investigate, mitigate the impact, and manage the process related to data leakages and data breaches, and ensure compliance with the regulatory and legal requirements and standards for cybersecurity and data protection in the region
- Provide timely and accurate communication and reporting on the status, impact and resolution of cyber incidents and crises
- Conduct post-incident reviews, root cause analysis and lesson learned from cyber incidents and crises, and providing recommendations and feedback to improve the security posture and resilience of the organisation.

Profile required

•    Bachelor Degree in Information Technology or equivalent
•    Professional qualification in information security management such as CISSP, CISM, CISA
•    Professional certification in cyber threat intelligence and cyber incident response, such as Cyber Threat Intelligence Analyst (CTIA), Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), Certified Network Defender (CND), Certified Forensic Computer Analyst, GIAC Penetration Tester, CompTIA PenTest+, Certified Ethical Hacker
•    Experienced Security Expert with 10+ years of relevant experience

•    Solid understanding of information security concepts, frameworks, standards and best practices
•    Strong understanding of IT infrastructure and IT applicative framework architectures
•    Strong knowledge of local and global regulation and requirements
•    Proven ability to interact with regulators and other external parties on information securty matters
•    Excellent English verbal and written communication skills, experience of influencing at senior organizational levels,
•    up to and including MD level
•    Client oriented mindset, results driven, proactive and quick to react to requests
•    Innovative and bringing new ideas to improve processes.
•    Knowledge and understanding of the cyber threat landscape and the cyber threat intelligence lifecycle, as well as the tools, methods, and frameworks for cyber threat intelligence collection, analysis and dissemination
•    Familiarity with the cyber threat actors, TTPs, and challenges specific to the Asia region, as well as the regulatory and legal requirements and standards for cybersecurity and data protection in the region
•    Knowledge of incident response best practices and procedures
•    Experience in digital forensic and malware analysis

•    Client - Risk: I strive to satisfy clients/internal partners while taking into account risks for the company
•    Commitment - Inspiration: I communicate a clear vision and strategy 
•    Responsibility - Courage: I express my convictions and make decisions with courage
•    Responsibility - Risk awareness: I am constantly on the lookout for risks 
•    Commitment - Exemplarity: I embody the Group’s values 
•    Innovation - Simplification: I make things & ideas simple

Business insight

Societe Generale Securities India Pvt. Ltd. (SGSI) is the stock-broking arm of Societe Generale Group (SG Group) and was one of the earliest foreign brokers to enter India. SGSI started with a representative office in 1994 and established a full-fledged presence by 1995. 
SGSI is a Securities and Exchange Board of India (SEBI) registered Stock Broker with Trading and Clearing Membership and obtained membership of Stock Exchanges (National Stock Exchange, Bombay Stock Exchange and Metropolitan Stock Exchange) to provide services in various segments (Cash Equities, F&O, Currency & Debt) of Stock Exchange. The Company has been active in the Stock Market since 1997. 
SGSI is managed by a team of professionals /specialists in the broking business. The Company has a dedicated team of specialist dealers & traders to cater to the needs of institutional clients. 
The Company has established itself as a premium player in the institutional segment where quality service and best technology combined with best possible execution and clearing services. The Company aims to specialize and develop capabilities in providing best quality execution and clearing services to its clients.

Societe Generale is an equal opportunities employer and believes that a diverse and inclusive workforce should be encouraged and recognized.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Reference: 240001G9
Entity: Societe Generale Securities India Pvt. Ltd.
Starting date: 2024/03/01
Publication date: 2024/01/17