India Securities Information Security Officer (ISO), SG Securities India (Mumbai)

Job Summary: The Information Security Officer (ISO) for India Securities is responsible for overseeing and responding to all information security regulatory matters for the India Securities entity, ensuring compliance with local regulations while aligning with Société Générale Group cybersecurity policies and standards. The ISO brings expertise in Identity and Access Management (IAM) to support the implementation and continuous improvement of IAM practices across the APAC region, including access recertification and application onboarding. In addition, the ISO provides well-rounded information security knowledge to support a range of transversal cybersecurity functions across APAC, such as regulatory topics and security assessments, working closely with regional cybersecurity experts and reporting functionally to the regional CISO to ensure effective alignment with both group and regional objectives.

Main Responsibilities:
•    Lead internal response on Cybersecurity towards regulatory requests, RISQ / audit / inspection or regular submissions ensuring timely and accurate reporting and communication
•    Monitor and ensure compliance (coordinate gap analysis and follow-up remediation plans) against local regulations, global policies, and standards related to Cybersecurity
•    Responsible for the local implementation of the regional Cybersecurity remediation program aiming to reinforce prevention, protection, detection and response capabilities
•    Support local Business Units and Service Units in their transformation providing adequate guidance on Cybersecurity subjects in liaison with regional Cybersecurity experts
•    Work with all the local Business Units and Service Units to determine possible cyber risks and relevant mitigations
•    Evaluate and manage local security exceptions in alignment with global standards and regulatory expectations
•    Be a subject matter expert on subjects alike Cybersecurity regulations, Identity and Access Management, Application Security, Third Party Security, Cloud security, Data protection
•    Deliver relevant awareness and training adapted to the current threat landscape
•    Respond to and manage local cyber incidents and crises, in coordination with central threat intelligence and cyber incident response functions, involving internal and external stakeholders as appropriate
•    Maintain and continuously improve the bank's cyber defense capabilities through operational monitoring of anomalies, and review of internal and external incidents and near misses
•    Definition and implementation of the local Cybersecurity governance in alignment with local regulation, global and regional standards and practices
•    Ensure scheduling of Penetration Test / Vulnerability Scans and remediation of vulnerabilities in alignment with local regulatory expectations and global standard
•    Ensure alignment with regional CISO on Cybersecurity strategy, objectives and initiatives including interactions with regulators
•    Perform project, IT, third party risk assessments and provide guidance on risk remediation
•    Participation in the review, analysis and monitoring of the entity operational risks and related regulations
•    Participation in the entity Crisis and business continuity coordination
•    Support analysis and monitoring of the entity outsourced and off-shored services
•    Support ISR regional function delivering and driving on areas such as Identity and Access Management, Regulatory Management, Security Assessments and Incident Response

Required Qualifications:

Academic Background and Certifications, Experience:

•    Bachelor’s degree in information technology or equivalent
•    Professional qualification in information security management such as CISSP, CISM, CISA
•    Experienced Security Expert with at least 8 years of relevant experience
•    Experience with India financial sector regulators mandatory, ideally with the Securities and Exchange Board of India (SEBI)
•    Experience and strong understanding of Identity and Access Management topic required
•    Experience in cyber incidents response advantageous

Operational Skills:
•    Solid understanding of information security concepts, frameworks, standards and best practices
•    Proven ability to interact with regulators and auditors on information security matters
•    Strong analytical skills, and audit mentality
•    Strong understanding of IT infrastructure and IT applicative framework architectures
•    Strong knowledge of India and global regulation and requirements
•    Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level
•    Client oriented mindset, results driven, proactive and quick to react to requests
•    Innovative and bringing new ideas to improve processes

Behavioral Skills:
•    Client - Risk: I strive to satisfy clients/internal partners while taking into account risks for the company
•    Commitment - Inspiration: I communicate a clear vision and strategy 
•    Responsibility - Courage: I express my convictions and make decisions with courage
•    Responsibility - Risk awareness: I am constantly on the lookout for risks 
•    Commitment - Exemplarity: I embody the Group’s values 
•    Innovation - Simplification: I make things & ideas simple 

Societe Generale Securities India Pvt. Ltd. (SGSI) is the stock-broking arm of Societe Generale Group (SG Group) and was one of the earliest foreign brokers to enter India. SGSI started with a representative office in 1994 and established a full-fledged presence by 1995. 
 
SGSI is a Securities and Exchange Board of India (SEBI) registered Stock Broker with Trading and Clearing Membership and obtained membership of Stock Exchanges (National Stock Exchange, Bombay Stock Exchange and Metropolitan Stock Exchange) to provide services in various segments (Cash Equities, F&O, Currency & Debt) of Stock Exchange. The Company has been active in the Stock Market since 1997. 
 
SGSI is managed by a team of professionals /specialists in the broking business. The Company has a dedicated team of specialist dealers & traders to cater to the needs of institutional clients. 
 
The Company has established itself as a premium player in the institutional segment where quality service and best technology combined with best possible execution and clearing services. The Company aims to specialize and develop capabilities in providing best quality execution and clearing services to its clients.

Societe Generale is an equal opportunities employer and believes that a diverse and inclusive workforce should be encouraged and recognized.