Cyber Security Information Officer
Responsibilities
Societe Generale Global Solution Centre (SG GSC) acts as a business solutions center for Société Générale, one of the largest European financial groups. We provide quality professional services in over 35 countries in various business areas - Finance & Accounting, HR, IT, Insurance, Banking and Corporate Operations. Our mission is to be a partner of choice, valued for owning, transforming and innovating with best-in-class talent.
Being part of the Insurance Business Line in Societe Generale Global Solution Centre means being at the heart of the group's development, in synergy with all the Retail Banking, Private Banking and specialized financial services businesses, in France and abroad. Its main challenge is to design and deliver fast, easy-to-use IT solutions that are innovative, scalable and secure, inspired and designed with customers, while ensuring quality every day.
Your future team is the Cyber Security Department, in charge of all cyber security domains, including governance and strategy, and covers both France and the 6 countries of the business unit, including Romania, for which you will deliver CISO services.
Delivering CISO services for the Insurance Romania entity means being in charge of all Cyber Security domains, IT Risk management and Business Continuity management. He/She applies Société Générale Group and Assurances cyber security, IT Risk and Business Continuity strategies, as well as all associated regulatory requirements for the Insurance Romania entity.
As a CISO, you will report:
- Hierarchically to the cyber security department of Societe Generale Global Solution Centre (SG GSC)
- Functionally to the Romanian entity Head
- Functionally to Societe Generale Insurance Global CISO
Missions
Be, as a security referent, the default contact for all security matters within the Romanian Insurance entity (SGA)
Be responsible for the adaptation and implementation of the Société Générale Group Information Systems Security policy and strategy within SGA Romania
Lead the security function, relying if necessary on the network of Information Systems security correspondents
Report on the risk vision of SGA Romania
Ensure the risk and regulatory reporting of SGA Romania
Activities
Provide advice, assistance, information, awareness-raising (particularly on best practices), alert and recommendation
Implement the Société Générale Group Information Systems Security policy and strategy that will have been adapted to SGA Romania and ensure its application within SGA Romania
Support the definition, implementation and control of Information Systems Security aspects in projects
Propose solutions to reduce risks to an acceptable level, and ensure that residual risks are accepted by the business lines
Collect Information Systems Security risk indicators on multiple aspects (legal and regulatory compliance, incidents, audit recommendations, operational security, etc.)
Prevent security incidents and mitigate their consequences:
- by coordinating the Incident Management process according to Société Générale Group standards as well as the European Digital Operational Resilience Act (DORA) and ITIL best practice;
- in particular, by supervising and monitoring the vulnerability patching process;
- by ensuring all other applicable security measures are in place and maintained over time in order to prevent security incidents;
- by participating in IT security incident management cycle: alerting, reporting and investigations in case of such event, and drafting and applying an incident response plan in coordination with BRD (Société Générale bank in Romania), ASSU (SGA) and Société Générale Group security teams. In this framework, oversee the Incident Management process and coordinate the local incident manager function.
Manage local Information Systems Security exemptions
Be open to the outside world to stay connected with risks and threats that evolve every day
And in particular,
· Ensure the general cyber security governance for SGA Romania, in particular organizing the Security Committees and informing top management and ASSU Security about Security progress;
· Ensure that the cyber security level of SGA Romania is up to the standards of Société Générale and ASSU
· Participate in local or coordinated Security projects in the Group;
· Monitor operational systems and alert in case of security incident
· Perform the ongoing surveillance process for the information systems as well as monitor the fulfillment of the action plans;
· Manage security reports and indicators specific to Management, authorities, audits
· Co-ordinate the promotion of IT Security principles and rules within the company
Compliance
· Assure compliance to local regulatory IT/Sec norms
· Assure compliance with EU Norms (DORA)
IT Risk
· Calculate and centralize performance and risk indicators in the Information Security area;
· Ensure reporting, risk registers, audit reports and completion of KPI and KRI as well as dashboards related to information security to management and ASF authorities.
Business Continuity
· Supervise business continuity processes in general (BCP/DRC);
· Participate in the annual business process impact analysis in business continuity and in the organization of business continuity and crisis management tests;
· Create and maintain disaster recovery plans for incidents and APT (advanced persistent threats) and act as a central point for their coordination;
User security awareness
· Identify training needs and awareness-raising on computer security and train employees in the application of preventive measures to limit security threats;
· Ensure the awareness process for users through local and coordinated actions with BRD, SGA Romania and Société Générale Group.
And furthermore,
· Ensure Information Security Management in Projects according to Société Générale Group Methodology;
· Provide security assessments for existing or potential suppliers in order to assess their security maturity level;
· Prevent security incidents and mitigate their consequences by implementing security measures in the organization’s IT system;
· Manage vulnerability and penetration testing processes and monitor action plans;
· Manage recurrent security checks and alerts through SIEM and DLP applications.
Profile required
· 5+ years in cyber security positions and 10-15 years of experience overall in IT;
Soft skills:
· Team spirit, curious, proactive,
· Autonomous, rigorous,
· Risk-oriented,
· Able to disseminate IT security user awareness, user awareness oriented,
· Ability to see the global picture, good communication skills, Oral and written communication, English B2 (oral and written proficiency);
Technical skills:
· Advanced knowledge of risk analysis methodologies and security key topics (classification, AICT assessment, intrinsic/residual risks, risk scenarios);
· Knowledge and experience in risk analysis methodologies (e.g. 27005, EBIOS, …);
· Knowledge of standards (ISO 2700x, ITIL, NIST, etc.) and security governance principles;
· Knowledge of security best practices in the field of IT systems management (authorizations, data anonymization, incident management, authentication, backup, archiving, security patch management, antivirus updates, network partitioning, NAC, Wi-Fi, etc.);
· Knowledge of security tool administration principles: firewalls, proxies, SIEM, DLP, IDS, IPS, vulnerability scanners like Qualys, IAM systems.
Other technical skills
· Knowledge in the following methods: Agile, DevOps, CI/CD, Github/Gitlab;
· Knowledge/experience in security architecture areas
· Security monitoring / understanding and knowledge of the main security threats (viruses, cybercrime, APT) and their distribution methods.
· Possibly, experience of IT security audit missions
· Security certifications (CISSP, ISO 2700x, NIST etc.)
Why join us
SG GSC is a Great Place to Work® certified company. Here, you will find a flexible workplace and culture, autonomy, constant learning opportunities, dynamism, and talented people, making this experience a real career accelerator. You will also discover all the diversity of our businesses, in a sector that is constantly evolving and innovating.
Plus, you will enjoy all our benefits:
- competitive compensation & remuneration, including annual performance bonus;
- preventive healthcare plan, and group health & life insurance;
- wide range of flexible benefits within a monthly budget;
- office perks, wellbeing and mental health programs;
- various social benefits and bonuses for personal or family events;
- 9-to-5 workday & flexible work environment: hybrid or fully remote if you are located outside Bucharest;
- additional paid and unpaid time off, including Sabbatical leave;
- learning and growth opportunities based on individual development and career plans;
- unlimited access to various eLearning resources.
Business insight
We are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years, or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA.
If you too want to be directly involved, grow in a stimulating and caring environment, feel useful daily and develop or strengthen your expertise, you will feel right at home with us!
Still hesitating?
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.
We are an equal opportunities employer, and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.