Information Security Officer


Montreal, Canada Permanent contract Banking operations processing



What are you applying to?

The Security GRC Specialist is an experienced professional in information security governance, risk management and compliance functions. The role involves transforming existing security GRC processes. The primary focus will be on evolving the current control reporting processes into a robust governance platform with actionable information on significant security gaps. The Security GRC Specialist will also be responsible for several core security controls.

What will be your day-to-day?

Transformation Lead

  • Act as the functional lead for projects to improve the scope and effectiveness of the firm’s security GRC practice.
  • Maintain an in-depth understanding of the broad regulatory landscape impacting business and IT areas
  • Develop and implement the components of the security GRC Framework for SG AMER, mapping threats, vulnerabilities, risks, assets, stakeholders, assessments, standards, policies, and controls into a holistic lifecycle
  • Enhance partnerships across the organization: Audit, Legal, Compliance, Information Technology, business operations, Risk management, etc. to ensure the security GRC program is aligned with business objectives and requirements
  • The initial priority is to develop analysis and reporting tools to identify security gaps and establish a governance process to prioritize remediation of the gaps
  • Work with cybersecurity team leads to identify data sets related to core security controls, enhance and automate them as needed, and centralize the information for reuse
  • Identify gaps in the reference data needed to provide a business-centric view of cybersecurity risks
  • Assist in setting up a methodology (e.g., FAIR) to express cyber risks in terms of business stakes

Security Control Owner

  • Manage and maintain cybersecurity controls, including the existing process to monitor suspicious activity on applications with sensitive data (ref: DFS 500.15)
  • Provide expertise and leadership for enhancing the control process over time by expanding the scope to include other sensitive applications and to change existing controls from detective to preventive
  • Supervise the junior analyst who runs the daily control to resolve security events
  • Provide robust KRIs and KPIs that explain the risk reduction achieved by the process and control effectiveness

Documentation, Reporting & Analytics

  • Contribute to the reporting framework that will provide regular metrics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks and current gaps
  • Assist in standardization of management reporting utilizing data contained in the security GRC platform

Profile required

What you bring to our team:

  • 7-10 years’ experience in security GRC, security project management, and other security practices
  • Demonstrable experience leading projects and teams
  • Working knowledge of relevant regulations such as DFS500, FINRA rules, GLBA, etc.
  • Knowledge of common security frameworks (NIST CSF, ISO 27001, COBIT, FFIEC CAT, etc.)
  • Proficient with MS Office, project management processes, and at least one GRC tool (highly preferred to have experience with RSA Archer)
  • Solid understanding of common security topics (e.g., application security, infrastructure security, vulnerability management, Identity and Access Management, data protection, cyber threat and incident response, cloud security, etc.)
  • Requires strong analytical skills, oral and written communication skills including documentation of requirements, problem solving skills, and project/program management skills
  • Experience in IT audit or regulatory compliance is a plus


  • Degree in IT, Computer Science, Cybersecurity, or related subject required
  • Certified training in security management, risk and compliance solutions and practices
  • Has achieved, or is able to work towards, at least one Information Security or Risk Management Certification (Security+, CISSP, CCSP, CCSK, CISA, CISM, GSEC, CRISC, etc.)

What we do differently at Société Générale

  • Competitive compensation & benefits offering, including but not limited to:
    • Minimum of 20 vacation days + 4 personal days
    • Supportive maternity, paternity, parental and adoption leave policy
    • Health spending ($2,000/year) and personal spending ($1,000/year) accounts with 75+ eligible reimbursement categories (health, training, electronics, etc.)
    • Fully sponsored virtual healthcare assistance and Employee Assistance Program for you and your immediate family
  • There are many Employee Resource Groups (ERG) to engage with such as Pride and Allies, American Women Network, Black Leadership Network, One planet, etc.
  • We foster a culture of continuous development by encouraging our employees to seek improvements through various training programs (online training and coaching platform such as Coursera, GoFluent, PluralSight, First Finance, and others)

Why join us

It is with a long-term approach that we are engaging with the world as it is today: a world in which economic development goes hand-in-hand with environmental and social progress.

As a result, we made Team spirit a central value at Societe Generale Canada. We work together to be able to offer each employee the tailored approach they require to grow.

As soon as you arrive, you will be integrated into our teams and will learn every day alongside experts, who will support you in your task.

Get ready to join an innovative company where you can bring your full self to work and evolve with forward-thinking individuals to build the bank of tomorrow!

Business insight

About us

Expanding its activities in Montreal, Société Générale Group is a large multinational bank that counts 130 000 employees located in more than 60 countries around the globe.

At Société Générale, reimagining green IT impact with our focus on sustainable movement is how we interpret our mission as responsible bankers.

Société Générale has positioned itself as a frontrunner in supporting the energy transition and carbon net zero financing.

People are the drivers of change, and the world of tomorrow will be shaped by our collective creativity, combined experiences, and diversity of opinions, so that together we can have a positive impact on the future!

Teamwork and collaboration are something that we don't only talk about but that we embody through our work and global initiatives.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Reference: 22000Q1C
Starting date: 2022/11/07
Publication date: 2022/09/16