Regional Cyber Governance Risk and Compliance Officer

Permanent contract|Hong Kong|IT (Information Technology)

Responsibilities

The Regional Cyber Governance, Risk, and Compliance (GRC) Officer is responsible for overseeing the cybersecurity framework across the Asia Pacific region, with a strong emphasis on regulatory compliance in APAC countries. This role holds a key responsibility in assessing, overseeing, and advising on cyber regulation compliance. The Regional Cyber GRC Officer leads the response to regulatory inquiries, manages cybersecurity awareness initiatives, and supervises overall cyber governance across various Asian markets.

  • Conduct and manage cyber risk assessments, audits, and regular monitoring to proactively identify and mitigate risks.
  • Drive the company-wide cybersecurity awareness program, providing training and resources to ensure staff remains informed about current threats and best practices.
  • Ensure adherence to all relevant regulatory compliance standards, including liaising with legal and compliance teams to stay updated on emerging legislations.
  • Maintain close interaction with regulators for all aspects related to Information systems and Technology.
  • Lead the internal response on cybersecurity to regulatory requests, RISQ / audit / inspection or regular submissions, ensuring timely and accurate reporting and communication.
  • Monitor and ensure compliance (coordinate gap analysis and follow-up remediation plans) against local regulations, global policies, and standards related to Cybersecurity.
  • Oversee the cyber risk governance over Asian countries, being the Regional point of contact for cyber security correspondents in the various countries.
  • Coordinate across various departments to integrate cybersecurity best practices and compliance into broader corporate governance.
  • Regularly report to senior management on the status of cybersecurity governance, risk management, and compliance activities.
  • Evaluate and manage regional security exceptions in alignment with global standards

Profile required

Academic Background and Certifications, Experience

  • Bachelor's degree in information technology or equivalent
  • Professional qualification in information security management such as CISSP, CISM, CISA
  • Minimum of 10 years of experience in cybersecurity with a focus on governance, risk management, and compliance, preferably with multi-country responsibilities in the Asia Pacific region.

Operational Skills

  • Extensive knowledge of the regulatory environment and data protection laws within the Asia Pacific region.
  • Proven ability to interact with regulators and other external parties on information security matters.
  • Proven track record of developing and executing successful cybersecurity awareness programs.
  • Experience in conducting and managing risk assessments, interpreting results, and developing strategies to mitigate identified risks.
  • Strong leadership skills with experience with cross-functional global teams and working with senior stakeholders
  • Excellent communication and interpersonal skills, with an ability to translate complex technical information for a non-technical audience.
  • Fluent in English with proficiency in other Asian languages being highly desirable.
  • Client oriented mindset, results driven, proactive and quick to react to requests
  • Innovative and bringing new ideas to improve processes.

Behavioral Skills

  • Client - Risk: I strive to satisfy clients/internal partners while taking into account risks for the company
  • Commitment - Inspiration: I communicate a clear vision and strategy
  • Responsibility - Courage: I express my convictions and make decisions with courage
  • Responsibility - Risk awareness: I am constantly on the lookout for risks
  • Commitment - Exemplarity: I embody the Group’s values
  • Innovation - Simplification: I make things & ideas simple 

Business insight

Company Description

Societe Generale is one of the leading European financial services groups. Based on a diversified and integrated banking model, the Group combines financial strength and proven expertise in innovation with a strategy of sustainable growth. Committed to the positive transformations of the world’s societies and economies, Societe Generale seeks to build together with its clients, a better and sustainable future through responsible and innovative financial solutions. Active in the real economy for over 150 years, with a solid position in Europe and connected to the rest of the world, Societe Generale has over 117,000 employees and supports 25 million individual clients, businesses and institutional investors worldwide (figures as of August 2023). We have a presence in 11 locations across Asia Pacific. With our regional headquarters in Hong Kong – a core hub of the worldwide Societe Generale Group – we employ around 2,300 employees in the region. In addition, Societe Generale's Global Solution Centre (SGGSC) in Bangalore and Chennai supports the Group in Asia Pacific and globally with customised business solutions.

Department Description

Reporting within the Global Business Service Unit (GBSU) to the IT Risk And Production Management (RPM) department, the Data & Cybersecurity (DCS) team is responsible for securing and steering Information Security and Cybersecurity related risks falling under Global Banking & Investor Solutions' (GBIS) remit.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Reference: 240008SU
Entity: Societe Generale Hong Kong Branch
Starting date: immediate
Publication date: 2024/03/26