Information Security GRC Analyst - Security Awareness & Training Program

 Montreal, Canada       Permanent contract        Security

Responsibilities

Phishing Campaigns

  • Act as the lead for all phishing campaign matters, including execution of weekly campaigns, tracking and reporting on repeat offenders, and coordination with Paris to manage global and local campaigns
  • Review suspicious email reports and follow up with the end users and technical teams as needed to ensure such emails are removed from our environment
  • Act as a subject matter expert and advisor with regards to secure email behavior for all stakeholders
  • Contribute to the enforcement of policies and standards when violations occur
  • Generate phishing metrics across the AMER region

Information Security Awareness Campaign and Training

  • Lead the development and delivery of security training programs and awareness campaigns, including, e.g., e-learning modules, in-person trainings, and roadshows
  • Lead and coordinate security awareness events
  • Provide security practice advice to other non-security professionals, including staff in the business units
  • Maintain the policy and standard documents related to training and awareness
  • Generate security training and awareness metrics across the AMER region

Metrics, KRIs, and KPIs

Documentation, Reporting & Analytics

Third-Party Information Security Assessments

  • Contribute to the maintenance and monitoring of due diligence tasks for third-party vendors
  • Assist with reviews of vendor due diligence materials (i.e., SSAE 18 reports), identify potential issues, and follow up for unresolved issues
  • Assist with the performance of information risk assessments for new vendors and critical vendors

Profile Required

Knowledge & Experience

Education/Certifications


Business Insight

The Information Security GRC Analyst performs Application Sensitivity Assessments (ASA), leads the Application Risk Heatmap process, assists with the creation and generation of Documentation, Reporting, and Analytics, and assists with the creation and delivery of Information Security Awareness Campaigns and other training programs. The position is hands-on and requires strong project management skills and tactical execution. The position requires a solid knowledge of the regulations (e.g., FFIEC, FDIC, SEC, DFS500) and best security practices (e.g., NIST, ISO) applicable to the financial industry. It is essential that the candidate be able to demonstrate practical and in-depth knowledge of security GRC practices and processes, including the use of GRC tools such as Archer and reporting tools such as Tableau.


The ideal candidate is proactive and has a successful track record with execution of programs. The Information Security GRC Analyst is a member of the Security GRC Team and reports to the Director of Security GRC. This position is transversal and requires strong collaboration across the organization (regionally in the Americas and globally with our HQ in Paris).


We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Job code: 20000217
Business unit: SG AMERICAS OPERATIONAL SECURITIES
Starting date: 02/03/2020
Date of publication: 01/02/2020