Infrastructure Risk Specialist

Responsibilities:

• Be the security risk Interface with stakeholders at all levels, from technical engineers to senior management locally, regionally and globally.
• Work closely with other risk and security departments, including all 3 lines of defence.
• Assist infrastructure skill teams in the assessment, design and implemention of required IT risk controls/counter-measures, in their operations or project deliveries.
• Working with Global/Regional team to setup program/project planning, scoping and deployment for the region.
• Partnering with our peers/clients to define, support and roll out IT risk management process for the region.
• Facilitate within GTS on the reporting, review and execution of operational /managerial supervision controls to ensure adequate risk coverage and compliance with global /local regulations. And follow through the rectification of managerial supervision controls' anomalies and action plans.
• Manage the process of risk control self-assessment for GTS in Asia.
• Outsourcing management: Take lead on the outsourcing process involving RAMOS as GTS OS Relay and RIsk Expert.
• Incident management: Report and follow security incidents and their remedial actions from IT risk aspect.
• Request /Change management: Conduct security risk assessment for new infrastructure architecture proposal or changes.
• Deliver innovation initiative to improve overall infrastructure security and efficiency.
• Facilitate, coordinate and take lead to assess and front Infrastructure related AUDIT, Inspection and regional/local regulatory related missions; ensuring proper follow-up/assessment/work with other skill team and management to review answer and define response / action plan. Ensure alginment within GTS teams local/global and zero overdue for defined action plan;
• Operational risk reporting: Production of various operational risk reporting (ORCs). Coordinate GTS contribution to external stakeholders reporting and requests.
• Risks reporting: Production of various risk indicators(KPIs; KRIs). Coordinate among Infrastructure teams to contribute to external stakeholders reporting and requests
• Conduct security & risk awareness training to the Infrastructure teams

Knowledge

• Kowledge and hands-on experiences in IT, Infrastructure and risk controls
• Knowledge and experience in IT infrastructure (speak the language, expertise not required)
• Knowledge in technology regulatory requirement like HKMA, SFC, MAS, GDPR, CBIRC, etc. is required
• Project management experience is desired
• Knowledge and experience in a banking environment will be beneficial but not essential
• Knowledge in the Public Cloud, development and specific Infrastructure domains are a plus
• Professional certification recognized by Regulatory bodies like HKMA, e.g. CISM, CISA or CRISC, is a plus

Soft Skills

• 3 - 5 years relevant experience
• Able to organize time, multitask, and define priorities (autonomy)
• Able to interact with all level of the organization from operators to executive management member
• Must be able to work collaboratively within a complex organization, across multiple cultures, geographies and disciplines
• Good communication and interpersonal skills
• English proficiency is essential, other spoken languages in the APAC region or French is an advantage

Behavioral Skills

• Team Spirit - Open mindset/Respect: I listen and share my views and my expertise in an open mode
• Innovation - Technology: I include technological breakthroughs in the strategies implemented
• Responsibility - Performance: I generate outstanding individual and collective performance
• Commitment - Inspiration/Vision: I inspire others by communicating a clear vision and strategy
• Client - Risk/Vigilance: I seek out the greatest benefit for clients/internal partners while ensuring that the Group’s risks are properly managed
• Innovation - Simplification: I make things & ideas simple 

Hybrid Work Environment:

Société Generale offers a hybrid work arrangement that offers employees the flexibility to work remotely, as well as on-site, in order to promote interaction and collaboration with colleagues while adhering to all SG standard protocols.  Hybrid work arrangements vary based on business area.  The applicable Business lines will determine and communicate the work arrangements that best meet their business needs.

Our Culture:

At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate. Please visit our APAC career website:https://www.societegenerale.asia/en/careers/building-your-career-with/ for more information.

Diversity, Equity & Inclusion (DE&I):

Our mission: Recruit, develop, advance, and retain a diverse workforce that is united in our efforts to enhance our competitive position and deliver innovative solutions to our clients.

Our vision:

• Engaged workforce that is demographically diverse in a way that reflects the communities in which we operate
• Inclusive culture and workplace that recognizes employees' unique needs and utilizes their diverse talents
• Engage our community and marketplace, and position the organization to meet the needs of all its clients

Check out our DE&I initiatives: https://www.societegenerale.asia/en/careers/diversity-equity-inclusion-dei/

Department Description

GTS/SEC (Global Technology Services/Security) is the operational risks and security management function of GTS. Being the first line of defence for Societe Generale, its main objectives includes:

• Protecting the GTS infrastructures, the associated IT services and manages the operational risks. 
• Secure Infrastructure of the bank via detect and respond security incidents
• Improve the level of operational risk and security management for GTS
• Provide seamless security by design, focusing on critical assets and data protection
• Raise Security Awareness for SG staffs
• Be the Governance, Risk & Compliance Expert Center for GTS