Lead- Risk IT & Infosec

 For each assigned review you will report to Head of Technology Risk – RISQ CTL. You will be expected to:

• Assist/ Lead/manage the risk assessment, scoping and planning of a review.
• Assist/Lead/manage in presenting the scope, progress, and results of the review to internal stakeholders.
• Assist/ Lead/manage in executing the review. Specifically focusing on the following:
  • Analyze the design of controls around the underlying system architecture in the context of information technology/information security controls and its impact on the business.
  • Analyze the business and technology processes to evaluate the design and effectiveness of the relevant technology controls by designing and executing tests to validate identified system control features, which may require data analysis, code inspection and re-performance of system processes.
• Document the results of the test steps executed project repository as per the departmental guidelines and best practices.
• Assist/Lead/manage in vetting review observations/findings.
• Assist/Lead/manage in the report preparation
• Assist/Lead/manage in tracking, monitoring, and recording remediation of risks identified in reviews.
• Assist/manage the Continuous Monitoring of technology business units to pro-actively identify changes to the risk profile of the business units/service units.

• 3 to 6 years of relevant experience in technology audit, information/cyber security, technology consulting or other relevant industry experience. 
• Hands on experience in audit planning, execution, reporting, issue follow-up, risk assessment and annual planning exercise
• Well versed with auditing of typical technology controls, aware of generally used technology tools, and techniques across software development lifecycle, application security, cloud security, network security, data loss prevention techniques, security of cloud, IT asset management, identity and access management, BCP and DR.
• Experience of using, auditing, or understanding a combination of the following technologies is preferred: 
  • Cloud Computing, Cloud Security, CI/CD, Containerization.
  • Security Operation Centre, SIEM
  • Programming languages like C, C++, C#, Java, Perl etc
  • Databases (Sybase, Oracle etc)
  • System Architecture (Distributed/Messaging/Mainframe)
  • Operating Systems (Linux etc)
  • Infrastructure Controls (Networks, Voice, Backups, Storage, data centres etc)
• Experience in data analysis using Advanced Excel, Power BI, Alteryx or similar tools.
• At least one of the relevant certifications (CISA) or industry accreditations (CISSP, AWS, Azure, Google Cloud, CEH, CCNA).
• BE/B Tech/MCA/MBA/MS in Information Technology or Cyber Security or equivalent University degrees in technology
• Experience in managing audit engagements or information/cyber security or technology projects
• Strong interpersonal, written, and verbal communication skills as the job requires frequent interaction with technology and business management

COMPETENCIES

• • Functional Expertise - Keeps up to date with emerging technology, business, and market trends
  • Technical Skills - Demonstrates strong technical skills required for the role, pays attention to detail, takes initiative to broaden his/her knowledge and demonstrates appropriate financial/analytical skills
  • Audit Skills- knowledge of preparing, meeting minutes, walkthrough and overview documents, test sheets, risk control matrix, risk assessment, stakeholder management and preparing review reports. 
  • Drive and Motivation - Successfully handles multiple tasks, takes initiative to improve his/her own performance, works intensely towards extremely challenging goals and persists in the face of obstacles or setbacks
  • Client and Business Focus - Effectively handles difficult requests, builds trusting, long-term relationships with clients, helps the client to identify/define needs and manages client/business expectations
  • Teamwork – Gives evidence of being a strong team player, collaborates with others within and across teams, encourages other team members to participate and contribute and acknowledges others' contributions 
  • Communication Skills - Communicates what is relevant and important in a clear and concise manner and shares information/new ideas with others
  • Judgement and Problem solving - Thinks ahead, anticipates questions, plans for contingencies, finds alternative solutions, and identifies clear objectives.  Sees the big picture and effectively analyses complex issues
  • Creativity/Innovation - Looks for new ways to improve current processes and develop creative solutions that are grounded and have practical value
  • Influencing Outcomes - Presents sound, persuasive rationale for ideas or opinions.  Takes a position on issues and influences others' opinions and presents persuasive recommendations

“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.

At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!

Still hesitating?

You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.

We are committed to support accelerating our Group’s ESG strategy by implementing ESG principles in all our activities and policies. They are translated in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and in our responsible practices for environment protection.