Cyber Security Lead Analyst
Responsibilities
· Support the day-to-day operational InfoSec activities for a customer unit, aligned to SG global standards and security policies.
· Perform risk analysis of new business processes and solutions, providing practical security recommendations.
· Conduct and support Application Sensitivity Assessments (ASA) and Secure by Design (SBD) evaluations.
· Collaborate with Application Owners to complete the Secure by Design (SBD) process prior to production deployment.
· Support the Entity ISOs and Application Owners & Managers in complying with and meeting Group KRIs by providing expert support and collaborative follow-ups.
· Ensure adherence to industry standards such as NIST, ISO/IEC 27034, OWASP Top 10, etc., and regulatory requirements such as GDPR, AAS.
· Efficiently manage NIST Barometer Assessments for NORDICS and meet the Group Target for 2026.
· Collaborate with development teams to embed security best practices into the software development life cycle (SDLC).
· Manage and respond to Information Security Incidents, in collaboration with internal and global teams.
· Perform RAF (Risk Acceptance Framework) and exception management workflows.
· Deliver and support security awareness programs, including sessions and campaign planning.
· Liaise with application, infrastructure, and business teams to drive Infrastructure/Hardening and application security control implementations.
Profile required
Minimum Qualification:
- Information Security Lead with 6-7 years of experience in Information Security, with a strong focus on GRC and operational security.
- Sound understanding of Cybersecurity concepts, application security, foundational security controls, risk management, and audit processes.
- Strong understanding & working knowledge of ASA/SBD assessments, TPRM processes, and risk awareness delivery.
- Strong understanding & ability to manage security standards/frameworks (e.g., ISO 27001, NIST, CIS).
- Should own management of NIST Barometer Assessments for NORDICS and drive to reach the 2026 Target.
- Ability to manage security exceptions & RAF Management for NORDICS.
- Ability to govern Vulnerability Management, Security Incident Management, CERT Alerts, etc. for NORDICS.
- Strong analytical and communication skills with the ability to evaluate risk and recommend controls quickly.
- Identify & evaluate security risks & report appropriately.
- Coordinate with LOD2 to review/create policies, standards & procedures.
Relevant certifications related to Cybersecurity, like CISM, ISO 27001, CISSP, etc., are an added advantage.
Why join us
We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Business insight
Environment
At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious.
Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating and taking action are part of our DNA.
If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!
Still hesitating?
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices and sharing their skills with charities. There are many ways to get involved.
We are committed to supporting the acceleration of our Group’s ESG strategy by implementing ESG principles in all our activities and policies. These principles are reflected in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and our responsible practices for environmental protection.