Cyber Security Analyst
Responsibilities
The Cyber Security Officer is responsible for coordinating and delivering enhancements to third-party cyber security practices. This includes developing and implementing new processes, leveraging offshore resources, establishing robust governance, and collaborating with stakeholders across the Group to drive adoption of best practices.
Main Responsibilities:
Enhance Third-Party Risk Assessment Framework: Improve existing processes and develop new ones to ensure comprehensive assessment of critical third parties, including:
- Incorporating software dependency risk assessment (e.g., SBOM analysis, vulnerability scanning).
- Integrating fourth party/supply chain risk assessment.
- Aligning with evolving regulatory requirements and industry best practices (e.g., HKMA, RBI, MAS, etc.).
Develop Key Risk Indicators (KRIs): Define and implement a set of KRIs to enable ongoing cyber security monitoring of third parties by supply managers.
Establish Offshore Assessment Function: Support the build and management of an offshore function to perform third-party risk assessments, ensuring:
- Consistent and high-quality assessments.
- Transparency through well-defined processes and performance indicators.
- Robust quality assurance and risk management controls.
- Clear communication and collaboration with internal stakeholders.
Implement Governance and Reporting: Develop and maintain a governance framework to oversee the performance of the offshore function and the overall third-party risk management program, including:
- Regular reporting on key metrics, risks, and remediation efforts.
- Escalation procedures for critical issues.
- Continuous improvement processes.
Group-Wide Collaboration and Expansion:
- Ensure alignment with Global practices and direction.
- Explore the potential for group-wide adoption of the enhanced third-party risk management framework and offshore function.
- Collaborate with GBIS and Group management to develop and implement standardized practices.
Profile required
Academic Background and Certifications, Experience
Bachelor's degree in information technology or equivalent
Professional qualifications in information security management, such as CISSP, CISM, or CISA, are advantageous
2 - 3 years of experience in cyber security, IT audit, risk management, or project management, preferably with some exposure to third-party risk.
Operational Skills
- Understanding of cyber security frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2).
- Familiarity with third-party risk management concepts and practices.
- Strong analytical, problem-solving, and communication skills.
- Ability to work independently and as part of a team.
- Experience with project management, vendor management or outsourcing is a plus.
- Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level.
- Client-oriented mindset, results-driven, proactive and quick to react to requests.
- Creative thinker, able to bring new ideas to improve processes.
- Able to see which actions bring the most improvement over the long term.
Behavioral Skills
- Client - Risk: I strive to satisfy clients/internal partners while taking into account risks for the company
- Commitment - Inspiration: I communicate a clear vision and strategy
- Responsibility - Courage: I express my convictions and make decisions with courage
- Responsibility - Risk awareness: I am constantly on the lookout for risks
- Commitment - Exemplarity: I embody the Group’s values
- Innovation - Simplification: I make things & ideas simple
Business insight
Our Culture
At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate. Please visit our APAC career website: https://www.societegenerale.asia/en/careers/building-your-career-with/ for more information.
Diversity, Equity & Inclusion (DE&I):
Our mission: Recruit, develop, advance, and retain a diverse workforce that is united in our efforts to enhance our competitive position and deliver innovative solutions to our clients.
Our vision:
- Engaged workforce that is demographically diverse in a way that reflects the communities in which we operate
- Inclusive culture and workplace that recognizes employees' unique needs and utilizes their diverse talents
- Engage our community and marketplace, and position the organization to meet the needs of all its clients
Check out our DE&I initiatives: https://www.societegenerale.asia/en/careers/diversity-equity-inclusion-dei/
Department Description
Reporting to the Group Chief Operating Office Unit (GCOO), the Information Security and Risk (ISR) department in Asia is responsible for securing and steering Information Security and Cybersecurity related risks falling under Global Banking & Investor Solutions' (GBIS) remit.