Lead Information Security Officer

 Montreal, Canada       Permanent contract        Security


Local Team Manager

  • Local manager for DCS staff located in Montreal supporting DCS capabilities for the AMER region
  • Collaborate with regional DCS team leaders to define staffing needs and workload allocation, set objectives for local staff, monitor performance, provide evaluations, and support career development efforts
  • Recruit and on-board new staff, act as point-of-contact for local staff augmentation vendors, and coordinate resourcing activities with Human Resource team in Montreal
  • Align with local management team

Information Security Manager

  • Represent GBSU/DCS in the Montreal office facing off to local business and support units and align to the DCS regional office in New York
  • Provide thought leadership and demonstrate hands-on knowledge and experience across information security topics including Identify & Access Management, Data Loss Protection, Application Security, Vulnerability Management, Security GRC, and Vendor Risk Assessment
  • Is a member of the AMER DCS Executive Committee, and participates in regional and global security initiatives to meet the AMER strategic plan
  • Establish and maintain communication channels with local and regional stakeholders
  • Assess the effectiveness of local security controls in line with Canadian regulatory requirements and industry accepted practices – modify and add controls as needed
  • Respond to requests from local business lines and support teams on information security topics
  • Act as local subject matter expert (SME) on Cyber and Information Security issues
  • Maintain knowledge of emerging technologies, threats/vulnerabilities, and risk management practices/techniques and its implications to Société Generale’s ecosystem.
  • Participate in security audits, risk analysis, vulnerability testing, penetration testing, and security reviews
  • Perform continuous monitoring of the security posture of systems, network, and devices to identify vulnerabilities, audit findings, and compliance issues
  • Collaborate with IT and the business to remediate issues and ensure compliance requirements are achieved
  • Participate in audits and exams of cyber programs and projects and remediation actions plans
  • Liaise with GTS and the application development teams to ensure security coverage of critical assets
  • Participate in the Security Risk Governance process to provide security risks, mitigations, and input on other technical risk

Profile Required

Professional Experience

  • 8-12 years related business experience in Information Security particularly in the financial services
  • Previous experience in a management or leadership role
  • In-depth understanding core information security functions including, Identity and Access Management, Data Loss Prevention, Application Security, Cyber Threat Management and Incident Response, Security GRC including Vendor Risk Management and Security Awareness
  • Security operations management, security risk/compliance management, project management, and system implementation management skills
  • Practical knowledge of process engineering and technical requirements working with multiple users, platforms, and applications
  • Strong knowledge of change management processes and the software development lifecycle
  • Solid knowledge of Risk Management Frameworks, industry best practices and relevant regulations (e.g., PIPEDA).
  • Knowledge of Canadian and US Security regulatory requirements and environment in financial services industry
  • Experience working in a global / international environment with a broad range of policies and procedures preferred

Education and Certifications

  • Bachelor's degree or equivalent business experience in information and cyber security
  • Certified training in security management, risk and compliance solutions and practices. CISSP, GCIH, CISA, CISM, GSEC, CRISC, or related certification(s) required (e.g., ethical hacking certs)


  • Exceptional communication skills – both verbal and written
  • Detail-oriented and organized
  • Set goals and priorities that maximize the use of available resources
  • Self-awareness of own behavior/work style, as well as tolerant of different needs and viewpoints
  • Interest in others’ opinions and shows consideration, concern and respect for other people

Languages: (Other than English)

  • Bilingual in French (Strongly preferred)

Business Insight

Data & Cyber Security (DCS) is globally responsible for securing and steering Information Security and Cyber Security related risks for the global Markets, Banking and Advisory, and Transaction Banking divisions and related Service Units. DCS is composed of diverse and talented professionals who translate ideas into action daily by combining the strength of its expertise with a deep understanding of Business Unit and Service Unit needs.


DCS covers the Americas primarily from the regional office in New York with support from a near-shored location in Montreal.  Given the increasing role of Montreal as a support hub and the existence of local business units, DCS is looking to expand the Montreal team including a new role for a Lead Information Security Officer.


DCS’ responsibilities cover the management of Information Security and Cybersecurity

frameworks and revolve around five areas of expertise – Identification, Protection, Detection, Response, and Recovery.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Job code: 200002D4
Business unit: SG CIB
Starting date: Immediate
Date of publication: 09/04/2020
Share on

Lead Information Security Officer

Permanent contract   |   Montreal   |   Security