Information Security Program Manager

Jersey City, United States Permanent contract Innovation / Project / Organization

Responsibilities

ESSENTIAL JOB FUNCTIONS

Program Management

  • In collaboration with the AMER CISO, manage a portfolio of programs designed to transform the cybersecurity processes and tools in line with our strategy

  • Launch projects based on DCS strategy, including documenting requirements, obtaining sponsorship, developing staff and project plans, and guiding projects to deliver milestones

  • Programs include the security GRC scope, assisting in developing an automated platform integrating core GRC functions (regulation, policy, control, risks, etc.) and providing actionable reporting

  • Put in place project governance to provide on-going reporting, escalation of issues as needed, and periodic meetings with sponsors and stakeholders

Strategy

  • Work with the AMER CISO to define and document a multi-year strategy based on current cybersecurity assessments, regulatory gaps and trends, risk appetite, and evolving industry threats

  • Socialize the strategy to inform senior management of cybersecurity risks in the region and obtain support for key initiatives to reduce risks

  • Work with other DCS teams to gather information on threats, vulnerabilities, and risks to drive the strategy

Communication Management

  • Build and execute on the communication plan and framework to enhance awareness and knowledge at all levels of the security organization

  • Oversee all communication vehicles and content to internal stakeholders, plan owners and executives, as well as other business partners

  • Collaborate with a wide variety of stakeholders, such as IT groups, corporate relations, human resources, and business operations

  • Develop long-term strategies and key initiatives, including promoting and achieving a culture of service excellence and employee engagement

  • Work with leadership and management to develop strategies and demonstrable links between staff engagement and internal organization goals

  • Oversee communications for and assist in the overall production of employee experience events (including security educational and training sessions, staff meetings, leadership events, and employee resource groups)

  • Manage all internal communications and related program materials using internal branding, such as newsletters, e-blasts and other internal channels for the purpose of communicating engagement information to employees

  • Create an annual communication plan and provide content for various communication channels

Management Reporting

  • Lead the development and delivery of various reports – strategic reporting to senior management to socialize the DCS cybersecurity strategy and report on progress

  • Develop impactful and actionable security metrics in collaboration with the functional leads to provide a clear and sustainable view of the security posture in AMER to multiple stakeholders (e.g., regulators, auditors, boards and executive committees, operational team, technical teams)

  • Revise existing periodic reporting leveraging metrics and other information available in the security GRC platform to create automated, templatized reporting for on-going commitments such as operational risk management

Profile required

KNOWLEDGE AND EXPERIENCE

  • 8-10 years of demonstrable experience in cybersecurity and program management

  • Prior experience developing strategic plans based on cybersecurity risk reduction objectives and regulatory and industry trends

  • Ability to produce high-impact communication artifacts, including executive level presentations, talking points, newsletters, memos, reports

  • Strong communications background, including online and social media experience

  • Excellent and proven verbal and written communication skills, including managing with influence and having a strong presence and solid presentation skills

  • Requires previous experience creating management reporting and effectively socializing complicated cybersecurity topics with senior management

  • Experience working with detailed information and numerical data and presenting it in a way that is easily understood by people at different levels in the organization

  • Direct experience managing multi-faceted IT and business integration projects

  • Detailed knowledge of cybersecurity and enterprise risk frameworks

  • Requires strong analytical skills, problem solving skills, and project management skills

EDUCATION/CERTIFICATIONS

  • Bachelor's degree or equivalent business experience in Computer Science or Cybersecurity

  • CISSP, CCSP, CISA, CISM, GSEC, CRISC, or related certification(s) are desirable

Business insight

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Reference: 22000M4I
Entity: SG AMERICAS OPERATIONAL SECURITIES
Starting date: 2022/09/12
Publication date: 2022/07/21