Security Risk Analyst with French

Societe Generale Global Solution Centre (SG GSC) acts as a business solutions center for Société Générale, one of the largest European financial groups. We provide high quality professional services in over 35 countries in various business areas - Finance & Accounting, HR, IT and Corporate Operations. Our mission is to be a partner of choice, valued for owning, transforming and innovating with best-in-class talent.

Project Description:

SG GSC is looking for a French-speaking Security Risk Analyst who will be part of the team responsible for the security governance o whose activity concerns the fields of insurance (property and personal insurance)

RESPONSABILITIES

The mission mainly consists of contributing to:

· Security support for business projects using risk analysis by identifying business issues, security requirements, associated action plans, and assessing residual risks for internal and third-party projects

·  Perform application security assessment for new and existing applications

·  Review/negotiate security contractual clauses for various ASSU outsourcings

·  Analyze and validate security exceptions requests

· Create and present to the business owners the results of various security tests in case vulnerabilities are found

And to a lesser extent:

· Actions to control the security level of applications.

· Support the deployment of the security framework for France/International projects.

· Managing IT operational risks (IT risks) at Société Générale Assurances:

o   Maintaining and updating the ASSU referential

o   Development and maintenance of dashboards to monitor the progress of initiatives.

What you will do:

· Security files (and intermediate deliverables such as safety classification, expression of project safety needs, residual risk assessment for business managers);

· Managerial presentation supports (IT and business) on projects;

· Interviews with IT, business owners and other stakeholders to determine applications sensitivity levels.

• Advanced knowledge of risk analysis methodologies and security key topics (classification, AICT assessment, intrinsic/residual risks, risk scenarios)
• Knowledge of standards (ISO 2700x, ITIL, COBIT, etc.) and security governance principles.

Knowledge of security best practices in the field of IT systems management (authorizations, data anonymization, incident management, authentication, backup, archiving, security patch management, antiviral updates, network partitioning, NAC, wifi, etc)

To a lesser extent:

• Knowledge/experience in security architecture areas
• Knowledge of the principles of administration of security tools: firewall, proxy, SIEM, DLP, IDS, IPS, Qualys type vulnerability scanner, IAM systems, etc.
• Security monitoring / understanding and knowledge of the main security threats (virals, cybercrime, APT) and their distribution methods.
• Possibly, experience of IT security audit missions
• Security certifications (CISSP, ISO 27001, ISO 27005, etc.)

Other appreciated skills:

• English (oral and written proficiency)
• French (oral and written proficiency)
• Knowledge of Excel and Powerpoint tools

SG GSC is a Great Place to Work® certified company. Here, you will find a flexible workplace and culture, autonomy, constant learning opportunities, dynamism, and talented people, making this experience a real career accelerator. You will also discover all the diversity of our businesses, in a sector that is constantly evolving and innovating.Plus, you will enjoy all our benefits:

• competitive compensation & remuneration, including annual performance bonus; 
• preventive healthcare plan, and group health & life insurance; 
• wide range of flexible benefits within a monthly budget; 
• office perks, wellbeing and mental health programs; 
• various social benefits and bonuses for personal or family events; 
• 9-to-5 workday & flexible working environment (Hybrid);
• additional paid and unpaid time off, including Sabbatical leave; 
• learning and growth opportunities based on individual development and career plans; 
• unlimited access to various eLearning resources. 

We are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years, or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA.

If you too want to be directly involved, grow in a stimulating and caring environment, feel useful daily and develop or strengthen your expertise, you will feel right at home with us!

Still hesitating?

You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.

We are an equal opportunities employer, and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.