Lead Expert - Information & Cyber Security

Permanent contract|Bangalore|Risks

Lead Expert - Information & Cyber Security

  • Bangalore, India
  • Permanent contract
  • Risks

Responsibilities

·        Support Risk Management and Supervision team [RMS] in charge of assessing the risk profile and the effectiveness of the information security risk systems of the Group’s Business and Service Units.

·        Review IT risk self-assessments and follow -up the implementation of agreed risk remediation plan.

·        Proactively understanding existing/upcoming regulations.

·        Facilitating local compliance with information security policy as well as appropriate regulations/laws

·        Assisting in the development / changes to the ICT risk frameworks, a strong risk management culture and to be recognized for providing expert operational risk advice.

·        Partner with sr. stakeholders to proactively identify ICT risks and assess the adequacy of controls to manage such risks, including recommending enhanced or additional controls.

·        Proactive in identifying and following up on ICT anomalies / areas of concern.

·        Independently review, challenge and support information security activities. - Review the analyses conducted by the LOD1 (ORMs/CISO/BU-SU Program Managers etc.) on their information security risk profile and the related remediation actions

·        In response to material information security incidents, whether internal or external, conduct independent deep dive review of the preliminary, interim, and final incident investigation report and act as a challenge function to such reports.

·        Support information security reporting and monitoring of metrics and Key Risk Indicators (KRI) at the product line and divisional levels; continuously review existing body of KRI and related reporting.

·        Consult with internal groups such as CISO, Infrastructure, Compliance, Legal, and other Operations teams on matters related to information risk controls, self-assessments, security incidents and infrastructure projects’ security aspects.

·        Participate in the validation of the information security standards and standards applied by the BUs/SUs and the requested exceptions.

Profile required

Technical and Functional Skills
Education / Certifications: Graduate / Master’s in information technology/Computer Information Systems or related. CISSP / CISA/ CRISC good to have.

IT / Systems Skills:  IT audit experience mainly in ICT space preferably with a BIG 4; experience with network security (functionality and maintenance), Office 365 Security, Endpoint Security and emerging technologies.

Functional Skills: Expert Knowledge On the risk framework associated with information systems & cyber security, clear understanding of IT audit methodologies. Exceptional understanding of Firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, Security Audits Experience in BCP Audits and outsourcing/ third part reviews of an ITES set-up with a thorough understanding of the business lines. Prior Experience as LOD2/ LOD3 Information security Manager in a Bank or Large Financial Institution with direct interactions with Regulators or experience in internal IT audits/ Information security audits.

Interpersonal Skills:

·        Ability to thoroughly investigate and problem solve.

·        Ability to identify issues and trends to recommend comprehensive solutions and remedies.

·        Ability to organize and prioritize work and meet deadlines.

·        Ability to produce senior management reports covering key risk issues, remediation efforts, gaps and analysis.

Why join us

“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Business insight

At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious.

Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating and taking action are part of our DNA.

If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!

Still hesitating?

You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices and sharing their skills with charities. There are many ways to get involved.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Reference: 240007PU
Entity: SG Global Solution Centre
Starting date: immediate
Publication date: 2024/07/15
Share