Cyber Security Lead - On Prem-Gen2 OSM PAS/PLT

Job Summary:

We are seeking a seasoned Cyber security Lead  to work on the Application risk assessment and
 operational security in our both traditional and private cloud infrastructure and applications.   
 The successful candidate will perform risk assessment, security validation and exceptions, 
 review security incidents, different level of risk assessments, driving security programs and 
 follow the remediation with close Governance.

Responsibilities:

- Conduct risk assessments and security evaluations of private cloud control plane services (API Services) & and On-Prem application/infrastructure
- Identify and assess  threats,  vulnerabilities, risks  and potential attack vectors and prioritize the mitigation
- Assess and manage IT risk treatment in all new projects or infrastructure within its scope (integration of security into projects, secure by design processes)
- Enforce Group policies / standards and/or procedures / good security practices within its department.
- Develop and implement risk mitigation strategies and security controls
- Drive security program such as Pen test and Vulnerability programs globally 
- Evaluate security configurations, policies, and procedures 
- Perform security validations and exceptions for different need  on day to day basis (AV , Browsing exceptions, RAF,admin rights, firewall flow, secureshare access etc.);
- Assess compliance with industry standards and regulatory requirements (e.g., NIST, SOC 2, PCI-DSS, OWASP) 
- Develop and maintain risk management frameworks, playbooks, and reporting dashboards 
- Communicate risk and security recommendations to stakeholders
- Contribute to security audits (internal audit / regulators) within its scope
- Ensure proper work distribution between team members and help team members as and when required 
- To act as a security expert and point of contact on  all the operational security and risk  management activities
- Lead the resolution of security incidents and contribute to the post-mortem investigation of security incidents
- Lead the remediation of critical vulnerabilities in coordination with technical teams, SOC and CERT.
- Monitor and coordinate for timely closure of audit recommendations (internal / regulators), if necessary, intervene in support of operational teams.
- Communicate the status of security audits (internal audit / regulators) as well as the plans for dealing with recommendations.
- Communicate on its activities (definition of relevant KPIs/KRIs) and on security alert points.

Profile Required: 
- 8+ years of experience in application risk assessment, operational security and risk management  or related fields 
- Strong understanding of infrastructure & application security architecture, compliance frameworks, and risk management principles 
- Experience with infrastructure & application security assessments, risk assessments, and security controls implementation 
- Excellent analytical, problem-solving, and communication skills 
- Familiarity with security framework, tools, and technologies (e.g., OSWAP, CSPM, CWPP, CIEM, DAST/SAST) 
- Certifications in risk management, or related fields (e.g., CRISC,CCSP, CISSP)

“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.

At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!

Still hesitating?
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.

We are committed to support accelerating our Group’s ESG strategy by implementing ESG principles in all our activities and policies. They are translated in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and in our responsible practices for environment protection.