India Chief Information Security Officer (CISO)

Department Description:
Reporting to the Group Chief Operating Office Unit (GCOO), the Information Security and Risk (ISR) department in Asia is responsible for securing and steering Information Security and Cybersecurity related risks falling under Global Banking & Investor Solutions' (GBIS) remit.

The country Chief Information Security Officer (CISO) in India is responsible to coordinate locally on the application of group cyber security policies and standards in line with local regulation with the ultimate goal of protecting business functions, systems and data. The CISO is responsible for implementing, enhancing and overseeing the information security framework locally with strong synchronisation with regional Cybersecurity experts and functional reporting to regional CISO.

Main Responsibilities

• Lead internal response on Cybersecurity towards regulatory requests, RISQ / audit / inspection or regular submissions ensuring timely and accurate reporting and communication
• Monitor and ensure compliance (coordinate gap analysis and follow-up remediation plans) against local regulations, global policies, and standards related to Cybersecurity
• Responsible for the local implementation of the regional Cybersecurity remediation program aiming to reinforce prevention, protection, detection and response capabilities
• Support local Business Units and Service Units in their transformation providing adequate guidance on Cybersecurity subjects in liaison with regional Cybersecurity experts
• Work with all the local Business Units and Service Units to determine possible cyber risks and relevant mitigations
• Evaluate and manage local security exceptions in alignment with global standards and regulatory expectations
• Be a subject matter expert on subjects alike Cybersecurity regulations, Identity and Access Management, Application Security, Third Party Security, Cloud security, Data protection
• Deliver relevant awareness and training adapted to the current threat landscape
• Respond to and manage local cyber incidents and crises, in coordination with central threat intelligence and cyber incident response functions, involving internal and external stakeholders as appropriate
• Maintain and continuously improve the bank's cyber defense capabilities through operational monitoring of anomalies, and review of internal and external incidents and near misses
• Definition and implementation of the local Cybersecurity governance in alignment with local regulation, global and regional standards and practices
• Ensure scheduling of Penetration Test / Vulnerability Scans and remediation of vulnerabilities in alignment with local regulatory expectations and global standard
• Ensure alignment with regional CISO on Cybersecurity strategy, objectives and initiatives including interactions with regulators
• Perform project, IT, third party risk assessments and provide guidance on risk remediation
• Participation in the review, analysis and monitoring of the entity operational risks and related regulations
• Participation in the entity Crisis and business continuity coordination
• Support analysis and monitoring of the entity outsourced and off-shored services

Required Qualifications:                                                                                                                                                             

- Bachelor Degree in Information Technology or equivalent
- Professional qualification in information security management such as CISSP, CISM, CISA
- Experienced Security Expert with at least 8 years of relevant experience
- Significant experience with India financial sector regulators

Operational Skills:

- Solid understanding of information security concepts, frameworks, standards and best practices
- Strong understanding of IT infrastructure and IT applicative framework architectures
- Strong knowledge of India and global regulation and requirements
- Proven ability to interact with regulators and other external parties on information security matters
- Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level
- Client oriented mindset, results driven, proactive and quick to react to requests
- Innovative and bringing new ideas to improve processes

Behavioral Skills:
- Client - Risk: I strive to satisfy clients/internal partners while taking into account risks for the company
- Commitment - Inspiration: I communicate a clear vision and strategy 
- Responsibility - Courage: I express my convictions and make decisions with courage
- Responsibility - Risk awareness: I am constantly on the lookout for risks 
- Commitment - Exemplarity: I embody the Group’s values 
- Innovation - Simplification: I make things & ideas simple 

Societe Generale is one of the leading financial services groups in Europe. Based on a diversified universal banking model, the Group combines financial strength with a strategy of sustainable growth, putting its resources to work to finance the economy and its clients’ plans. With a solid position in Europe and a presence in countries with strong potential, the Group’s 145,700 employees in 66 countries support 31 million individual clients, large corporates and institutional investors worldwide by offering a wide range of advisory services and tailored financial solutions.

ASIA-PACIFIC (ASIA), as one of the Business Units of Societe Generale, operates in 12 locations across the Asia Pacific region, employing over 2,500 employees with the regional headquarter located in Hong Kong. Our activities here are centered on Societe Generale's Global Banking & Investor Solutions pole (GBIS), a major growth engine for the Group and a key pillar of Societe Generale's universal banking model. Our expertise in Asia Pacific ranges from Corporate & Investment Banking (Advisory, Financing and Global Markets) to Asset Management, Global Transaction Banking and specialised financial services like Equipment & Vendor Finance and Vehicle Leasing & Fleet Management. In addition, Societe Generale's Global Solution Centre (SGGSC) in Bangalore and Chennai offers customised business solutions to the Societe Generale Group globally including ASIA.

Societe Generale was established in India in the year 1978. In 1985, Societe Generale Bank commenced operations as a Scheduled Commercial Bank in Mumbai. Since then, it has a proud legacy of servicing corporates and clients. New branches were added in Delhi (1993).  Societe Generale not only offers an extensive product portfolio to different market segments, but customizes solutions in investment banking, global finance and global markets. Societe Generale is an equal opportunities employer and believes that a diverse and inclusive workforce should be encouraged and recognized.