Responsibilities
- Work closely with SOC, CERT and other security teams and Infrastructure skill teams in daily operation and review security requirements
- Exception management: Evaluate and manage infrastructure security exceptions
- Vulnerability management: Conduct scan, assessment and remediation follow-up
- Incident management: Report and follow security incidents and their remedial actions
- Request / Change management: Conduct security assessment for infrastructure request & changes
- Review security architecture proposed by other infrastructure teams
- Deliver innovation initiative to improve overall infrastructure security and efficiency
- Manage and execute the Infrastructure related security projects
- Be the security Interface with stakeholders at all levels, from technical engineers to senior management locally, regionally and globally
- Work closely with other risk and security departments, including all 3 lines of defence
- Cyber reporting: Production of various cyber security reporting (KPIs; KRIs). Coordinate among
- Infrastructure teams to contribute to external stakeholders reporting and requests
- Conduct security & risk awareness training to the Infrastructure teams
Profile required
- Knowledge and hands-on experiences in IT, Infrastructure and information security
- Knowledge and experience in IT infrastructure (speak the language, expertise not required)
- Knowledge in technology regulatory requirement like HKMA, SFC, MAS, GDPR, CBIRC, etc. is required
- Project management experience is desired
- Knowledge and experience in a banking environment will be beneficial but not essential
- Knowledge in the MITRE ATT&CK framework and hands-on experience on security incident investigation processes & techniques
- Security knowledge in the Public Cloud, development and specific Infrastructure domains are a plus
- Professional certification recognized by Regulatory bodies like HKMA, e.g. CISM, CISA or CISSP, is mandatory
Behavioral Skills
- Client - Understanding and Respect: I listen to clients and colleagues in order to understand and anticipate their needs
- Client - Risk: I strive to satisfy clients while taking into account risks for the company
- Team Spirit - Synergies: I make cooperation with colleagues in and outside my team a priority
- Team Spirit - Collective mindset: I Favour the team’s interest over my own results
- Responsibility - Courage: I express my convictions and make decisions with courage and respect.
- Responsibility - Accountability: I make decisions in my scope of responsibilities
Business insight
Company Description
Societe Generale is one of the leading European financial services groups. Based on a diversified and integrated banking model, the Group combines financial strength and proven expertise in innovation with a strategy of sustainable growth. Committed to the positive transformations of the world’s societies and economies, Societe Generale seeks to build together with its clients, a better and sustainable future through responsible and innovative financial solutions. Active in the real economy for over 150 years, with a solid position in Europe and connected to the rest of the world, Societe Generale has over 117,000 employees and supports 25 million individual clients, businesses and institutional investors worldwide (figures as of August 2023). We have a presence in 11 locations across Asia Pacific. With our regional headquarters in Hong Kong – a core hub of the worldwide Societe Generale Group – we employ around 2,300 employees in the region. In addition, Societe Generale's Global Solution Centre (SGGSC) in Bangalore and Chennai supports the Group in Asia Pacific and globally with customized business solutions.
Department Description
The IT Infrastructure department, Global Technical Services (GTS), is one of the major stakes for the bank and is at the heart of Societe Generale group's strategy.
Today, the Digital Transformation raises important challenges around IT Architecture, Infrastructure and Security. Many of these challenges are opportunities to imagine new experiences for our clients and new way to deliver IT services.
Within the Resources and Innovation division, GTS department plays a key role in the Digital Transformation. With more than 3500 GTS staff located across the world, GTS develops innovative projects while delivering operational excellence for infrastructure services to 148,000 employees and 32 million external clients.
GTS staff motivation comes from the new technologies they deliver to enhance agility of the various business lines (Cloud, Big Data, Continuous Delivery).
GTS/SEC is the operational risks and security management function of GTS. Being the first line of defence for Societe Generale, its main objectives includes:
- Protecting the GTS infrastructures, the associated IT services and manages the operational risks.
- Secure Infrastructure of the bank via detect and respond security incidents
- Improve the level of operational risk and security management for GTS
- Provide seamless security by design, focusing on critical assets and data protection
- Raise Security Awareness for SG staffs
- Be the Governance, Risk & Compliance Expert Center for GTS
We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.