Analyste Securite projets with french

Societe Generale Global Solution Centre (SG GSC) acts as a business solutions center for Société Générale, one of the largest European financial groups. We provide high quality professional services in over 35 countries in various business areas - Finance & Accounting, HR, IT and Corporate Operations. Our mission is to be a partner of choice, valued for owning, transforming and innovating with best-in-class talent.

Project Description:

SG GSC is looking for a French-speaking Security Risk Analyst who will be part of the team responsible for the security governance of the French entity ASSU and its international subsidiaries (7 subsidiaries, including 6 English-speaking and 1 French-speaking), whose activity concerns the fields of insurance (property and personal insurance).

RESPONSABILITIES

The mission mainly consists of contributing to:

• Analyze and validate security exceptions requests such as route openings, non-standard software installations, etc
• Accompany the IT teams in the implementation of Group security standards for their new/existing applications/infrastructure
• Monitor the security level of ASSU assets
• Follow-up on audit results of applications, third parties (partners, delegated entities, suppliers, etc.) and physical sites, carried out by another department or by the department itself, relating to the integration of vulnerabilities identified in risk analyses and the monitoring of associated remediation action plans
• Security support for business projects using risk analysis by identifying business issues, security requirements, associated action plans, and assessing intrinsic and residual risks for internal and third-party projects

And to a lesser extent:

• Managing IT operational risks (IT risks) at Société Générale Assurances:

o   Maintaining and updating the ASSU referential

o   Development and maintenance of dashboards to monitor the progress of initiatives.

What you will do:

•  Security files (and intermediate deliverables such as safety classification, expression of project safety needs, residual risk assessment for business managers)
•  Security risk analysis and if required, risk acceptance forms
•  Reporting elements, dashboards of security and risk indicators
•  Managerial presentations (for IT and business) on the projects

• Advanced knowledge of risk analysis methodologies and security key topics (classification, AICT assessment, intrinsic/residual risks, risk scenarios)
• Knowledge of standards (ISO 2700x, ITIL, COBIT, etc.) and security governance principles.

Knowledge of security best practices in the field of IT systems management (authorizations, data anonymization, incident management, authentication, backup, archiving, security patch management, antiviral updates, network partitioning, NAC, wifi, etc)

• Knowledge of security tool administration principles: firewalls, proxies, SIEM, DLP, IDS, IPS, vulnerability scanners like Qualys, IAM systems

To a lesser extent:

• Knowledge/experience in security architecture areas
• Security monitoring / understanding and knowledge of the main security threats (virals, cybercrime, APT) and their distribution methods.
• Possibly, experience of IT security audit missions
• Security certifications (CISSP, ISO 27001, ISO 27005, NIST etc.)

Other skills:

• French (oral and written proficiency)
• English (oral and written proficiency)
• Knowledge of Excel and Powerpoint tools

SG GSC is a Great Place to Work® certified company. Here, you will find a flexible workplace and culture, autonomy, constant learning opportunities, dynamism, and talented people, making this experience a real career accelerator. You will also discover all the diversity of our businesses, in a sector that is constantly evolving and innovating.Plus, you will enjoy all our benefits:

• competitive compensation & remuneration, including annual performance bonus; 
• preventive healthcare plan, and group health & life insurance; 
• wide range of flexible benefits within a monthly budget; 
• office perks, wellbeing and mental health programs; 
• various social benefits and bonuses for personal or family events; 
• 9-to-5 workday & flexible working environment (Hybrid);
• additional paid and unpaid time off, including Sabbatical leave; 
• learning and growth opportunities based on individual development and career plans; 
• unlimited access to various eLearning resources. 

We are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years, or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA.

If you too want to be directly involved, grow in a stimulating and caring environment, feel useful daily and develop or strengthen your expertise, you will feel right at home with us!

Still hesitating?

You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.

We are an equal opportunities employer, and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.