Regional Chief Information Security Officer (CISO)

Permanent contract|Hong Kong|IT (Information Technology)

Regional Chief Information Security Officer (CISO)

Hong Kong, Hong Kong Permanent contract IT (Information Technology)


Based in Hong Kong, the Chief Information Security Officer (CISO) is responsible of the Cybersecurity Risk for Asia region. The CISO is responsible to coordinate regionally on the application of group cyber security policies and standards. The CISO is responsible for implementing, enhancing and overseeing the information security framework. The CISO directly manages a core team of security professionals responsible for managing operational activities, regulatory matters as well as coordinating the execution of information security program.

Main Responsibilities

  • Management of Data and Cyber Security team and oversight on infrastructure security for Asia region
  • Definition and implementation of the regional Cyber Security governance with regional stakeholders (up to regional executive management) and in alignment with global governance
  • Definition of the Asia Cyber Security strategy and framework
  • Implementation of the regional Cyber Security program aiming to reinforce prevention and protection capabilities as well as defining and testing reaction capabilities in case of Cyber Security incident
  • Support Business Units and Service Units in their transformation providing adequate guidance on Cyber Security subjects
  • Be a subject matter expert on subjects alike Identity and Access Management, Application Security, Outsourcing Security, Cloud security, Data protection and Incident management
  • Deliver relevant awareness and training adapted to the current threat landscape and the user population
  • Maintain and continuously improve the bank's cyber defense capabilities through operational monitoring of anomalies and incident management
  • Monitor Cyber Security regulatory landscape (16+ active regulatory bodies in the region), coordinate gap analysis and follow-up remediation plans

Profile required


  • Bachelor Degree in Information Technology or equivalent
  • Professional qualification such as CISM, CISSP, ISO 27001
  • Experienced Security Expert with 10+ years of relevant experience


  • Strong understanding of IT infrastructure and IT applicative framework architectures
  • Strong background of Data & Cyber Security
  • Good understanding of application vulnerabilities and common exploits
  • Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level
  • Client oriented mindset, results driven, proactive and quick to react to requests
  • Innovative and bringing new ideas to improve processes.


  • Client - Risk: I strive to satisfy clients/internal partners while taking into account risks for the company
  • Commitment - Inspiration: I communicate a clear vision and strategy 
  • Responsibility - Courage: I express my convictions and make decisions with courage
  • Responsibility - Risk awareness: I am constantly on the lookout for risks 
  • Commitment - Exemplarity: I embody the Group’s values 
  • Innovation - Simplification: I make things & ideas simple 

Business insight

Company Description
Societe Generale is one of the leading European financial services groups. Founded in 1864, we have been playing a vital role in the economy for over 150 years. With more than 148,000 employees based in 76 countries worldwide, we accompany 32 million clients throughout the world on a daily basis. Based on a diversified universal banking model, the Group combines financial strength with a strategy of sustainable growth.

ASIA-PACIFIC (ASIA), as one of the Business Units of Societe Generale, operates in 12 locations across the Asia Pacific region, employing over 2,500 employees with the regional headquarter located in Hong Kong. Our activities here are centered on Societe Generale's Global Banking & Investor Solutions pole (GBIS), a major growth engine for the Group and a key pillar of Societe Generale's universal banking model. Our expertise in Asia Pacific ranges from Corporate & Investment Banking (Advisory, Financing and Global Markets) to Asset Management, Global Transaction Banking and specialised financial services like Equipment & Vendor Finance and Vehicle Leasing & Fleet Management. In addition, Societe Generale's Global Solution Centre (SGGSC) in Bangalore and Chennai offers customised business solutions to the Societe Generale Group globally including ASIA

Department Description
Reporting within the Global Business Service Unit (GBSU) to the IT Risk And Production Management (RPM) department, the Data & Cybersecurity (DCS) team is responsible for securing and steering Information Security and Cybersecurity related risks falling under Global Banking & Investor Solutions' (GBIS) remit. The team is based in Hong Kong and has transversal oversight on Asia Pacific.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Reference: 22000XP9
Entity: Societe Generale Hong Kong Branch
Starting date: immediate
Publication date: 2023/01/05