Operational Risk Officer - Cybersecurity Risk
Responsibilities
The Head of Cybersecurity Risk is seeking to hire a Cybersecurity Risk Manager to join the RISQ/NFR organization.
This role is responsible for proactively identifying, assessing, mitigating, and reporting cyber risks across the organization, with a strong emphasis on influencing stakeholders at all levels. As a senior position, it requires the ability to effectively engage with senior leadership to drive strategic decisions while also collaborating with teams across the organization to foster a risk-aware culture. Deep expertise in cybersecurity, regulatory compliance, and risk governance is essential to ensure robust protection and alignment with industry standards. Exceptional communication and leadership skills are critical to building trust, driving alignment, and ensuring the successful implementation of cybersecurity practices.
Key areas of cyber risk coverage include the reference cyber processes and controls, including Application Security, Infrastructure Operations, Threat Intelligence & Detection, Identity and Access Management, Data Protection, Network Security, and Cybersecurity Incident Response. The Cybersecurity Risk Manager will be responsible for assessing and evaluating overall cybersecurity risk, maintaining an active overview, and reporting on actual, mitigated, and residual cybersecurity risks within the organization.
Additionally, this role will contribute to the enhancement of second line of defense practices in cybersecurity risk, which encompasses assessments, lifecycle practices, operational incident response, service delivery, and business continuity planning (BCP).
Day-to-day responsibilities include, but are not limited to:
- Conduct a comprehensive range of technology and cybersecurity risk management lifecycle activities, including risk identification, assessment, reporting, and oversight of remediation planning and execution. This includes performing technical cyber risk assessments in areas such as network security, infrastructure operations, security operations center (SOC), application security (e.g., SAST/DAST), and cloud security (e.g., Azure), as well as evaluating third-party, application, database, infrastructure, and network penetration testing.
- Collaborate with the Chief Information Security Officer (CISO) and IT organizations to establish standards and policies and develop key risk indicators (KRIs) and key performance indicators (KPIs) for the continuous measurement and monitoring of cyber risks.
- Manage the IT and Information Security Risk Program using frameworks like FAIR, conducting assurance of cybersecurity controls and recommending enhancements to architectures, processes, and controls to strengthen risk management and regulatory compliance.
- Evaluate the accuracy, completeness, and sufficiency of the risk management governance framework, processes, and methodologies, while identifying and defining emerging cyber threats and risks to Société Générale’s environment. Challenge critical and highly sensitive processes and controls, including business continuity measures.
- Develop cybersecurity risk scenarios to identify potential attack vectors and tactics, techniques, and procedures (TTP) to enhance the firm’s cyber defense posture. Lead and support selected cybersecurity remediation efforts and engage in strategic planning with the first line of defense (1LOD).
- Create and implement tools for aggregating and monitoring cybersecurity, data, and technology risks. Identify legal, regulatory, and contractual requirements, along with organizational policies and standards related to data management systems, to assess their potential impact on business objectives.
- Enhance operational risk processes, data collection, and issues management tools to track and report operational risks and issues. Participate in reviews of data breaches and technology incident response escalation processes.
- Actively participate in and conduct reviews and challenges during the Bank's Cybersecurity Tabletop exercises.
- Ensure compliance with information security industry regulations and standards specific to the AMER regions, while aligning with broader organizational policies and global best practices.
Profile required
Independent from the Business Lines, the Risk Management (RISQ) Division's mission is to contribute to the development of the SG Group's activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring. The RISQ division in the US supports all the activities in the Americas Region (US, Canada and Latin America), which is almost exclusively corporate and investment banking (GBIS) oriented.
COMPETENCIES
Required:
- Proficient understanding of financial services, particularly in risk and regulatory domains.
- This role requires a comprehensive understanding of technical security concepts, coupled with familiarity with related technologies, infrastructure, and a strong conceptual knowledge of enterprise IT system operations. It also demands experience in evaluating the design and operational effectiveness of technical cybersecurity processes, controls, and the associated risks to ensure robust security measures are in place.
- Extensive knowledge of emerging cyber risks in the areas of Artificial Intelligence, Machine Learning, and Quantum Computing.
- Solid foundation in information technology and information security principles, with familiarity in common cybersecurity frameworks and standards, including NIST SP 800-53, NIST CSF, MITRE ATT&CK, CSC Top 20, COBIT, and the ISO 27000 series.
- Ability to analyze the root causes of cybersecurity issues and document remediation efforts.
- Familiar with cyber laws, regulations, frameworks, and guidelines relevant to financial services (e.g., NYSDFS 23 NYCRR 500, ECB, GDPR, GLBA, Regulation S-P).
- Strong interpersonal and collaborative skills, with the ability to communicate security and risk-related concepts to both technical and non-technical audiences.
- This role requires a highly meticulous and detail-oriented individual who can effectively manage multiple tasks simultaneously. The ideal candidate demonstrates a high degree of initiative, dependability, and the ability to work independently with minimal supervision. Strong leadership skills, including the ability to lead through influence, are essential for driving collaboration and achieving organizational goals.
TECHNICAL SKILLS
- Extensive technical skills and expertise in cybersecurity focus areas, including Network Security, Infrastructure Operations, Security Operations Center (SOC), Application Security (e.g., SAST/DAST), Cloud Security (e.g., Azure), Industry-standard Security Stack and related security solutions.
- Hands-on experience with a wide range of security tools, platforms, and techniques.
- Strong understanding of cybersecurity threats, defenses, motivations, and techniques.
- Proficient in vulnerability and patch management processes and tools, penetration testing, incident handling, cyber threat intelligence, threat hunting, and monitoring tools (e.g., SIEM, auditing and log collection tools, network IDS/IPS, malware detection).
- Solid knowledge of networking technologies (e.g., TCP/IP) and protocols (e.g., SSL, SSH, LDAP, SMTP, DNS).
- Experienced in integrating vulnerability and patch management tools with IT/IS risk programs, as well as prioritizing and communicating vulnerability remediation efforts.
- Skilled in performing root cause analysis for technology and cybersecurity incidents.
- Experienced in developing or defining requirements for GRC (Governance, Risk, and Compliance) management tools.
- Proficient in Microsoft Office Suite, including Excel, Word, Access, PowerPoint, Outlook, and SharePoint.
- Strong written and verbal communication skills.
PRIOR WORK EXPERIENCE
Required:
- Worked in Cybersecurity, Infrastructure and/or Security Operations – 1LOD.
- Preferably worked in the Financial Services/Banking industry.
- Preferably also worked in a 2LOD Cyber Security Risk function.
- Conducted technical cyber security risk assessments.
- Demonstrated effective communication at Senior Management level.
- Demonstrated analytical and constructive cyber security risk review and challenge.
- Bachelor's and/or master's degree in Computer Science, Engineering or a relevant technical field.
- Knowledge of US IT Security regulatory requirements and environment in the financial services industry a plus (e.g., FFIEC, FINRA rules, SEC, NIST/MITRE ATT&CK cybersecurity frameworks).
Business insight
Societe Generale is committed to offering an inclusive recruitment experience to all candidates. If you require any reasonable accommodations during the recruitment process, please do not hesitate to let our Recruiters know.
OUR CULTURE:
At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate. For more information about our Culture and Conduct initiatives, please visit this link (https://americas.societegenerale.com/en/careers/get-know-culture/)
D&I:
Our Diversity & Inclusion Mission: Recruit, develop, advance, and retain a diverse workforce that is united in our efforts to enhance our competitive position and deliver innovative solutions to our clients.
Our Diversity & Inclusion Vision:
- Engaged workforce that is demographically diverse in a way that reflects the communities in which we operate
- Inclusive culture and workplace that recognizes employees' unique needs and utilizes their diverse talents
- Engage our community and marketplace, and position the organization to meet the needs of all its clients
For more information about our D&I initiatives, please visit this link (https://americas.societegenerale.com/en/societe-generale-about/diversity-and-inclusion/)
HYBRID WORK ENVIRONMENT:
Societe Generale offers a hybrid work arrangement that offers employees the flexibility to work remotely, as well as on-site, in order to promote interaction and collaboration with colleagues while adhering to all SG standard protocols. Hybrid work arrangements vary based on business area. The applicable business lines will determine and communicate the work arrangements that best meet their business needs.
COMPENSATION:
Base salary range does not include overtime pay, bonus and/or other benefits, where applicable. Actual base salary offer will vary based on skills and experience. The role is eligible for an annual discretionary bonus and includes a competitive benefits package including 401(k) plan with company match, medical/dental/vision, and other benefits for fertility, wellness, student loans and commuters.