IT Risk Manager

Jersey City, United States   |   Permanent contract   |   Information Technology


The Senior IT Risk Manager shall be responsible for overseeing ITEC’s Risk Management program as defined by SG Americas’ ITEC Department, the SG worldwide ITEC Department, as well as the Enterprise Risk Committee and the CIO. Our IT Risk Management program, which is an important component of our Operational Risk management program, can be described in the three steps below, all of which fall under the operating domain of this role:

  1. Risk Identification – Oversee, manage, support, report and provide transparency on ITEC’s Risk Identification process, including oversight of the ITEC Annual Risk Assessment, as well as the ITEC divisions’ Annual Risk Control Self Assessments (RCSA) and the Information Systems Security Program (ISSP), led by ROCS (Risk, Operational Control, Security group). The Senior IT Risk Manager will provide oversight to ensure that there are clear remediation plans and prioritization of efforts on the issues identified in those risk assessments. He or she will also track and report on Risk Identification efforts by Internal and External Auditors, and provide visibility on all audit points related to risk. This position will also oversee the team which produces Key Risk Indicators to give ITEC management visibility of its IT risks.
  2. Risk Measurement – Utilizing the standards and methods defined by ROCS and the Enterprise Risk Committee, the Senior IT Risk Manager shall be responsible for designing and overseeing processes for collection, analysis and dissemination of relevant data for measurement of risk, inclusive of outages (incidents, problems), outage time, outage resolution, operational financial losses, and other IT Risk parameters.
  3. Risk Mitigation – SG has a comprehensive program to define its annual priorities for investment in IT and Information Security. This role shall be responsible for liaising with the relevant actors, local and global, to help shape and define the priorities specific to the IT Americas area. The prioritization shall utilize a risk-based approach, which can be developed by said Senior IT Risk Manager.

Day-to-day responsibilities include, but are not limited to:

  • Lead, oversee and collaborate with internal teams to align our operational activities with IT Risk best practices.
  • Analyze and prioritize requirements related to IT Risk management.
  • Contribute to IT Risk Strategy globally and lead specific domains as necessary.
  • Write policies and procedures on certain core areas, as well as functional specifications, and model the requirements / specifications to IT Risk needs.
  • Oversee teams to gather, analyze, document, and validate the IT Risk needs of the ITEC stakeholders.
  • Establish strong relationships with business partners, ROCS, RISK, AUDIT and the COO.
  • Partner with Internal Audit and External Auditors to track and manage audit points assigned to ITEC.
  • Procure technical assistance to assist in problem resolution for ITEC stakeholders for our risk tools, including but not limited to GPS (permanent supervision tool) and KART (Audit reco tool).
  • Oversee teams to provide reporting support for all risk-based reporting by IT, including the Quarterly Enterprise Risk Committee report, Quarterly FCM Risk report, Application Heat Map and Monthly Key Indicators Dashboard.
  • Investigate, resolve and escalate problems as necessary.
  • Promote a thorough understanding of IT Risk roles, processes and activities to the business units, including leadership in training and awareness sessions.
  • Collaborate with the RISK Department to help assess ITEC’s risk appetite and define/redefine appropriate risk thresholds and limits.
  • Manage risk-related projects impacting ITEC and coordinate with the different risk functions.
  • Interface with all of the bank’s regulators on matters relating to IT and Operational Risk.
  • Management of IT Risk metrics and a KRI Dashboard.
  • Partner with ROCS and RISK departments to strengthen our Risk Control Self Assessment (RCSA) program.

Profile Required


  • Experience in developing and managing an IT Risk Management program
  • Comfortable with organizational complexity, high pressure environments and rapid change
  • Analytical and rigorous
  • Reactive and adaptive
  • Straightforward and clear communicator
  • Demonstrated success in leading small to medium sized teams towards common goals and objectives.
  • Strong understanding and knowledge of many information technology domains
  • Ability to present to C-level management with poise and rigor.
  • Strong PowerPoint skills for creating effective presentation decks.
  • 10+ years in Financial Services
  • 6+ years in a relevant Risk or Audit function that specialized in IT Risk management
  • Working knowledge of banking industry requirements regarding the field of IT Risk, as defined by regulators such as the FRBNY, FFIEC, and NYDFS.
  • Strong working knowledge of FFIEC Management Handbook, NIST and ISO standards on IT Risk
  • Hands-on experience in IT Risk assessment.
  • CRISC or CISA/CISM/CISSP Certifications
  • Experience in working directly in an IT function related to Risk identification, measurement and mitigation.
  • MBA or Master's degree in Finance, Financial Engineering, Mathematics or equivalent experience.
  • English

Business Insight

SG, which has its world headquarters in Paris and its regional headquarters for the Americas in New York City, has numerous branches, representative offices, subsidiaries and affiliates located in more than 75 countries. In the United States, SG offers a full range of investment and commercial banking, treasury, financial advisory, execution and industry services, and currently maintains branches, agencies and other offices in New York City, Jersey City (New Jersey), Boston, Chicago, Dallas, Houston, Montreal, Toronto, and São Paulo. SG employs approximately 3,200 people in the Americas. The Information Technology Division (“ITEC”) of Societe Generale Americas is responsible for providing IT services to all offices in the Americas. Its teams comprise primarily Application Development teams, Application Support teams and Transversal teams. The role described herein is defined as a Senior IT Risk Manager, who shall report to our Chief Information Risk Officer & Head of Technology Risk, a First Line of Defense function.

In today’s landscape, a focus on Risk Management (Identification, Measurement, Mitigation) is paramount to a successful operating model. ITEC needs a Senior IT Risk Manager to direct its activities related to IT risk, provide strategic oversight, and liaise with other teams within SG to manage those activities.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Job code: 19000XV5
Starting date: 27/01/2020
Date of publication: 22/01/2020