Operational Risk Officer (Cybersecurity) – Second Line

Permanent contract|Hong Kong|Risks


In this role, the Operational Risk Officer needs to assess the First Line of Defence (1 LOD) framework for the identification and management of its operational risks, define and implement the right remediation plan, and challenge, if required, the risk acceptance taken by the business line (through governance such as operational risk committees, or through normal day-to-day interaction on incidents…). This role applies to existing business as well as key projects, or by conducting analysis and providing an opinion in new product committees.

The Operational Risk Officer should also make sure that the first level of control framework (on operational risk) is adapted and efficient. This is supported by second line of controls (also known as control of control or spot checks) and by recommending and following up on controls deployment initiatives when relevant.

The Operational Risk Officer needs to ensure that the processes and governance around operational risk (Incident Collection/Reporting, RCSA, Permanent Supervision, Anti-Fraud, etc.) respect the group policies and norms. He/she will challenge and may conduct investigations/post-mortems and follow up on red flags and corrective action items.

In case of major risk identification, or of a risk that is not appropriately managed by the department in charge (or that lacks a department in charge), the Operational Risk Officer has the duty to escalate the information through the appropriate channel, starting with his/her management.

In the context of the behavioural model, the Operational Risk Officer will invest his/her time and skills in teamwork, act ethically and with courage, propose new ideas and contribute to change management, and finally lead by example and through his/her support to colleagues or other teams. All these actions and values will contribute to the development of positive client impact (the client being internal or external).

Primary Responsibilities as a member of RISQ/OPE/RMS

  • Access business lines (e.g. participate in first line operational risk committees) and understand their operational risk exposure.
  • Provide independent opinion, analysis, and expert judgment on operational risk topics to RISQ/OPE management and Senior Management.
  • Provide advice on proposals or decisions made by business lines related to processes, tools or solutions related to operational risk management.
  • Provide a framework to review/facilitate that risk considerations are taken into account appropriately by business lines in major decision making or operational risk norm exceptions management (e.g. New Product Committee validation)
  • Assess the robustness and sustainability of the operational risk management framework of ASIAPAC as the Business Unit
  • Develop knowledge (e.g. participate in or engage with industry working groups/forums) and advise on (market) best practices related to risk management
  • More specifically, this role will carry out his/her responsibilities on Cyber/Information Technology, Technology, Business Continuity and Physical Risks.

Responsibilities as a member of RISQ/OPE

  • Liaise / support / participate in debriefs within RISQ/OPE during their control testing
  • Assist other RISQ/OPE team members on their underlying business coverage for front to back analysis and in order to ensure minimal back-up
  • Can be associated with or take the lead on operational risk awareness and training sessions
  • Produce and animate the necessary operational reporting and governance for the executive committee in line with the local risk teams.
  • Participate in or coordinate with other second line teams and third line exercises as well as regulator requests on operational risk
  • May animate or perform second line of control (through testing program)

Profile required

Business knowledge

  • Operational Risk Processes Knowledge
  • Experience and Knowledge in Technology Risk


  • Experience in developing and documenting governance processes supporting operational risk frameworks
  • Underlying business knowledge and experience (Corporate and investment banking environment)
  • Knowledge and experience in Operations or Product Control

Expert knowledge

  • Preferable: HKMA CFI recognized Cybersecurity certifications (e.g. CISA, CISM, CRISC, CISSP, etc.)


  • Microsoft Office (PowerPoint, Word or Excel Expert)


  • Operational Risk Tools knowledge (SG or Industry)
  • Knowledge of tools used in the processing chain is a plus (SG or Industry)
  • Microsoft Power BI

Soft Skills

  • Strong analytical skills with high attention to detail and accuracy
  • Ability to articulate complex concepts in a clear manner
  • Excellent verbal, written, and interpersonal communication skills
  • Able to organize time, multitask, and define priorities (autonomy)
  • Able to interact with all levels of the organization from operators to executive management members
  • Must be able to work collaboratively within a complex organization, across multiple cultures, geographies and disciplines


  • Ability to be flexible and agile (priorities may change, and escalations need to be adapted)
  • Demonstrated ability to lead change through influencing skills, be a positive change agent


  • English required – Other spoken languages in the region or French are a plus

Business insight

Company Description
Societe Generale is one of the leading European financial services groups. Founded in 1864, we have been playing a vital role in the economy for over 150 years. With more than 148,000 employees based in 76 countries worldwide, we accompany 32 million clients throughout the world on a daily basis. Based on a diversified universal banking model, the Group combines financial strength with a strategy of sustainable growth.

ASIA-PACIFIC (ASIA), as one of the Business Units of Societe Generale, operates in 12 locations across the Asia Pacific region, employing over 2,500 employees with the regional headquarters located in Hong Kong. Our activities here are centered on Societe Generale's Global Banking & Investor Solutions pole (GBIS), a major growth engine for the Group and a key pillar of Societe Generale's universal banking model. Our expertise in Asia Pacific ranges from Corporate & Investment Banking (Advisory, Financing and Global Markets) to Asset Management, Global Transaction Banking and specialised financial services like Equipment & Vendor Finance and Vehicle Leasing & Fleet Management. In addition, Societe Generale's Global Solution Centre (SGGSC) in Bangalore and Chennai offers customised business solutions to the Societe Generale Group globally including ASIA.

Department Description

The Risk Management (RISQ) Division in Hong Kong is independent from the Business Lines. The RISQ Division's mission is to contribute to the development of the SG Group's activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring. The RISQ division in HK supports all the Group’s activities in the Asia-Pacific Region.

The mission of the Operational Risk Second Line of Defence department (RISQ OPE) is to provide independent, objective, and leading operational risk management challenge and oversight services to assist the firm in maintaining an effective system of operational risk management.

RISQ OPE conducts the oversight of the governance, risk and control frameworks and tolerances of Operational Risk.
RISQ OPE provides proactive advice to help management identify and measure key risks, and to evaluate controls in existing and expanding businesses. An objective is to accompany the employees and raise awareness of the importance of operational risk management, which is based on the principle that “everyone is an operational risk manager”.
RISQ OPE organises and/or tests the soundness and efficiency of the operational risk framework, especially on governance, risk identification and mitigation as well as permanent controls.

The department based in Hong Kong covers the ASIA PACIFIC perimeter of activities.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Reference: 21000RW0
Entity: Societe Generale Hong Kong Branch
Starting date: immediate
Publication date: 2021/11/08