Infrastructure Risk Specialist

Responsibilities : 

• Be the security risk Interface with stakeholders at all levels, from technical engineers to senior management locally, regionally and globally.
•  Work closely with other risk and security departments, including all 3 lines of defence.
• Assist infrastructure skill teams in the assessment, design and implemention of required IT risk controls/counter-measures, in their operations or project deliveries.
• Working with Global/Regional team to setup program/project planning, scoping and deployment for the region.
• Partnering with our peers/clients to define, support and roll out IT risk management process for the region.
• Facilitate within GTS on the reporting, review and execution of operational /managerial supervision controls to ensure adequate risk coverage and compliance with global /local regulations. And follow through the rectification of managerial supervision controls' anomalies and action plans.
• Manage the process of risk control self-assessment for GTS in Asia.
• Outsourcing management: Take lead on the outsourcing process involving RAMOS as GTS OS Relay and RIsk Expert.
  - Incident management: Report and follow security incidents and their remedial actions from IT risk aspect.
  - Request /Change management: Conduct security risk assessment for new infrastructure architecture proposal or changes.
  - Deliver innovation initiative to improve overall infrastructure security and efficiency.
  - Facilitate, coordinate and take lead to assess and front Infrastructure related AUDIT, Inspection and regional/local regulatory related missions; ensuring proper follow-up/assessment/work with other skill team and management to review answer and define response / action plan. Ensure alginment within GTS teams local/global and zero overdue for defined action plan; 
  - Operational risk reporting: Production of various operational risk reporting (ORCs). Coordinate GTS contribution to external stakeholders reporting and requests.
• Risks reporting: Production of various risk indicators(KPIs; KRIs). Coordinate among Infrastructure teams to contribute to external stakeholders reporting and requests
  · Conduct security & risk awareness training to the Infrastructure teams

Profile Requirements:

Knowledge

•  Kowledge and hands-on experiences in IT, Infrastructure and risk controls
•  Knowledge and experience in IT infrastructure (speak the language, expertise not required)
• Knowledge in technology regulatory requirement like HKMA, SFC, MAS, GDPR, CBIRC, etc. is required
• Project management experience is desired
• Knowledge and experience in a banking environment will be beneficial but not essential
• Knowledge in the Public Cloud, development and specific Infrastructure domains are a plus
• Professional certification recognized by Regulatory bodies like HKMA, e.g. CISM, CISA or CRISC, is a plus

Soft Skills

• 3 - 5 years relevant experience
• Able to organize time, multitask, and define priorities (autonomy)
•  Able to interact with all level of the organization from operators to executive management members
•  Must be able to work collaboratively within a complex organization, across multiple cultures, geographies and
  disciplines
•  Good communication and interpersonal skills
• English proficiency is essential, other spoken languages in the APAC region or French is an advantage 

Behavioral Skills

• Team Spirit - Open mindset/Respect: I listen and share my views and my expertise in an open mode
• Innovation - Technology: I include technological breakthroughs in the strategies implemented
• Responsibility - Performance: I generate outstanding individual and collective performance
• Commitment - Inspiration/Vision: I inspire others by communicating a clear vision and strategy
• Client - Risk/Vigilance: I seek out the greatest benefit for clients/internal partners while ensuring that the Group’s risks are properly managed
• Innovation - Simplification: I make things & ideas simple 
   

Company Description

Societe Generale is one of the leading European financial services groups. Founded in 1864, we have been playing a vital role in the economy for over 150 years. With more than 133,000 employees based in 61 countries worldwide, we accompany 32 million clients throughout the world on a daily basis. Based on a diversified universal banking model, the Group combines financial strength with a strategy of sustainable growth.

ASIA-PACIFIC (ASIA), as one of the Business Units of Societe Generale, operates in 12 locations across the Asia Pacific region, employing over 2,500 employees with the regional headquarter located in Hong Kong. Our activities here are centered on Societe Generale's Global Banking & Investor Solutions pole (GBIS), a major growth engine for the Group and a key pillar of Societe Generale's universal banking model. Our expertise in Asia Pacific ranges from Corporate & Investment Banking (Advisory, Financing and Global Markets) to Asset Management, Global Transaction Banking and specialised financial services like Equipment & Vendor Finance and Vehicle Leasing & Fleet Management. In addition, Societe Generale's Global Solution Centre (SGGSC) in Bangalore and Chennai offers customised business solutions to the Societe Generale Group globally including ASIA.

Department Description
The IT Infrastructure department, Global Technical Services (GTS), is one of the major stakes for the bank and is at the heart of Societe Generale group's strategy.
 
Today, the Digital Transformation raises important challenges around IT Architecture, Infrastructure and Security. Many of these challenges are opportunities to imagine new experiences for our clients and new way to deliver IT services.
Within the Resources and Innovation division, GTS department plays a key role in the Digital Transformation. With more than 3500 GTS staff located across the world, GTS develops innovative projects while delivering operational excellence for infrastructure services to 148,000 employees and 32 million external clients.
GTS staff motivation comes from the new technologies they deliver to enhance agility of the various business lines (Cloud, Big Data, Continuous Delivery).

GTS/SEC is the operational risks and security management function of GTS. Being the first line of
defence for Societe Generale, its main objectives includes:
- Protecting the GTS infrastructures, the associated IT services and manages the operational risks. 
- Secure Infrastructure of the bank via detect and respond security incidents
- Improve the level of operational risk and security management for GTS
- Provide seamless security by design, focusing on critical assets and data protection
- Raise Security Awareness for SG staffs
- Be the Governance, Risk & Compliance Expert Center for GTS