IT Risk Manager

Permanent contract|Jersey City|Risks

Jersey City, United States Permanent contract Risks


Day-to-Day Responsibilities:

The IT Risk Manager shall be responsible for assisting with the execution of the IT Risk Management program as defined by SG America’s IT Risk Department, as well as the Enterprise Risk Committee and the CIO. Our IT Risk Management program, which is an important component of our Operational Risk management program, can be described in the three steps below, all of which fall under the operating domain of this role:

  1. Risk Identification - Oversee, manage, support, report and provide transparency on GBSU’s Risk Identification process, including oversight of GBSU’s Annual Risk Assessment, as well as the GBSU divisions’ Annual Risk Control Self Assessments (RCSA), and the Information Systems Security Program (ISSP), led by DCS. The IT Risk Manager will ensure that there are clear remediation plans and prioritization of efforts on the issues identified in those risk assessments. He or she will also follow, track and report on risk identification efforts by Internal Audit and provide visibility on all audit points related to risk. This position will also produce certain Key Risk Indicators and assist GBSU management on its Permanent Supervision controls.

  2. Risk Measurement – Utilizing the standards and methods defined by the IT Risk Framework and the Enterprise Risk Committee, the IT Risk Manager shall be responsible for collection, analysis and dissemination of relevant data for measurement of risk, inclusive of outages (incidents, problems), outage time, outage resolution, and operational financial losses.

  3. Risk Mitigation – SG has a comprehensive program to define its annual priorities for investment in IT and Information Security. This role shall be responsible for liaising with the relevant actors, local and global, and applying its priorities specifically to the IT Americas area.

Day-to-day responsibilities include but are not limited to:

  • Collaborate with internal teams to align our operational activities with IT Risk best practices

  • Analyze and prioritize requirements related to IT Risk management.

  • Write policies and procedures on certain core areas, as well as functional specifications, and model the requirements / specifications to IT Risk needs.

  • Gather, analyze, document, and validate the IT Risk needs of the GBSU stakeholders;

  • Establish strong relationships with business partners, DCS, RISQ, AUDIT and the COO.

  • Partner with Internal Audit to track and manage audit points assigned to GBSU.

  • Procure technical assistance to assist in problem resolution for GBSU stakeholders for our risk tools, including but not limited to GPS (permanent supervision tool) and KART (Audit reco tool).

  • Provide reporting support for all Risk based reporting by IT, including the Quarterly Enterprise Risk Committee report, and the Quarterly FCM Risk report.

  • Investigate, resolve and escalate problems as necessary;

  • Promote a thorough understanding of IT Risk roles, processes and activities to the business units;

  • Help develop a formal reporting of IT Risk to be delivered monthly to the GBSU Americas Management team (EXCO)

  • Collaborate with the RISQ Department to help assess GBSU’s risk appetite and set up appropriate risk thresholds and limits

  • Manage risk-related projects impacting GBSU and coordinate with the different risk functions

  • Interface with all of the bank’s regulators on matters relating to IT and Operational Risk as required

  • Partner with DCS, RISQ, GBSU to strengthen our Risk Control Self Assessment (RCSA) program

Profile required



  • Experience in developing and managing an IT Risk Management program

  • Comfortable with organizational complexity, high pressure environments and rapid change

  • Analytical and rigorous

  • Reactive and adaptive

  • Straightforward and clear communicator



  • Strong understanding of financial products

  • Strong Excel skills for in-depth analysis

  • Strong PowerPoint skills for creating effective presentation decks



  • 6+ years in Financial Services in a relevant Risk or Audit function that specialized in IT Risk management

  • Working knowledge of banking industry requirements regarding the field of IT Risk, as defined by regulators such as the FED, FFIEC, and NYDFS.

  • Hands-on experience in IT Risk assessment.

  • Experience in working directly in an IT function related to Risk identification, measurement and mitigation.


  • B.S. Degree in Finance, Information Systems, Financial Engineering, Mathematics or equivalent

  • MBA or Master’s Degree in Finance, Financial Engineering, Mathematics or equivalent

  • CRISC, CIA, CISA, CISM, CISSP or any other risk/control certifications (desired)

Business insight

Department Summary:

SG, which has its world headquarters in Paris and its regional headquarters for the Americas in New York City, has numerous branches, representative offices, subsidiaries and affiliates located in more than 75 countries. In the United States, SG offers a full range of investment and commercial banking, treasury, financial advisory, execution and industry services, and currently maintains branches, agencies and other offices in New York City, Jersey City (New Jersey), Boston, Chicago, Dallas, Houston, Montreal, Toronto, and Sao Paulo. SG employs approximately 3,200 people in the Americas. The Information Technology Division of Societe Generale Americas is responsible for providing IT services to all offices in the Americas. Its teams comprise primarily Application Development teams, Application Support teams and Transversal teams. The role described herein is defined as an IT Risk Manager, who shall be mapped to our IT Risk and Production Management (RPM) transversal team.

In today’s landscape, the focus on Risk Management (Identification, Assessment and Measurement, Mitigation, and Reporting/Monitoring) is paramount to a successful operating model. RPM/GRC has a need for a Risk Manager to run its activities related to IT risk and to liaise with other teams within SG to manage its activities related to Risk.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Reference: 22000P2H
Starting date: 2022/10/24
Publication date: 2022/09/15