Information Security Officer

The Vulnerability Management Lead is responsible for the AMER region’s vulnerability management and configuration management program. The position requires excellent communication skills (written and verbal) and a strong ability to influence others. The ideal candidate will be able to demonstrate practical and in-depth knowledge of running an effective vulnerability & / or configuration management program including dynamically responding to emerging threats in the financial services industry.

The role also calls for strong technical analysis and process improvement skills and the ability to present to senior management on the state of, and proposals to improve, the program.

Working knowledge of cybersecurity and risk assessment frameworks (e.g., NIST) and regulations applicable to the financial services industry (e.g., NYDFS 500, FINRA, SEC) is preferred.

The Vulnerability Management Lead is a member of the Cyber Threat Defense (CTD) team within the AMER Data and Cyber Security (ISR) department and reports to the Director of CTD. This position requires strong collaboration across GBSU and GTS departments in the Americas and globally with SG CERT, ISR and GTS teams.

ESSENTIAL JOB FUNCTIONS

Vulnerability & Configuration Management

• Lead the AMER vulnerability & configuration management programs – Act as the main point of contact and expert in Vulnerability Management and configuration management; including overseeing the risk of zero-day vulnerabilities, oversee patching/remediation and risk acceptance of vulnerabilities where appropriate.

• Oversee the discovery, evaluation, and implementation of vulnerability scanning, patch and configuration review, penetration testing.

• Present operating and steering committees for projects to senior management on a quarterly basis.

• Develop and oversee annual roadmaps of initiatives to align with overall InfoSec and business objectives/strategy.

• Develop and manage detailed vulnerability reviews and assessments, and patching and configuration reviews: (1) Assess potential damage of security flaws and assist in the implementation of corrective actions; (2) Identify, document, and report security issues and concerns to management; and (3) Monitor corrective actions and recommending cost-effective preventive measures to preclude recurrences.

• Review and sign-off on all recommendations on possible improvements resulting from the work performed as part of projects.

• Draft and publish communications for management as new threats emerge.

• Improve the reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to the CISO and other key stakeholders such as the COO, CIO, and CTO.

LANGUAGE: 

Ability to communicate in English, both orally and in writing, is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States.

OUR BENEFITS:

WHAT WE DO DIFFERENTLY AT SOCIÉTÉ GÉNÉRALE

Competitive compensation & benefits offering, including but not limited to:

• Minimum of 20 Vacation days + 4 personal days 
  • Supportive Maternity, paternity, parental and adoption leave policy 
  • Health spending ($2,000/year) and personal spending ($1,000/year) accounts with 75+ eligible reimbursement categories (health, training, electronics etc.)

Fully sponsored virtual healthcare assistance and Employee Assistance Program to you and your immediate family

Various Employee Resource Groups (ERG) to engage with such as Pride and Allies, American Women Network, Black Leadership Network, One planet, etc.

• A culture of continuous development by encouraging our employees various training programs (online training and coaching platform such as Coursera, GoFluent, Pluralsight, First Finance, and others)

Societe Generale is committed to offering an inclusive recruitment experience to all candidates. If you require any reasonable accommodations during the recruitment process, please do not hesitate to let our Recruiters know.

OUR CULTURE: 
At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate. For more information about our Culture and Conduct initiatives, please visit this link (https://americas.societegenerale.com/en/careers/get-know-culture/)

D&I: 
Our Diversity & Inclusion Mission: Recruit, develop, advance, and retain a diverse workforce that is united in our efforts to enhance our competitive position and deliver innovative solutions to our clients.
Our Diversity & Inclusion Vision:

• Engaged workforce that is demographically diverse in a way that reflects the communities in which we operate
• Inclusive culture and workplace that recognizes employees' unique needs and utilizes their diverse talents
• Engage our community and marketplace, and position the organization to meet the needs of all its clients

For more information about our D&I initiatives, please visit this link (https://americas.societegenerale.com/en/careers/get-know-diversity/)