Cyber Security Consultant - SEC/OPM/COO-OSM
Responsibilities
Job Summary:
We are seeking a seasoned Cybersecurity Consultant to support operational security and risk management activities across both traditional and cloud infrastructures and applications. The ideal candidate will be responsible for executing security validations and managing exception processes, reviewing security incidents, conducting multi‑level risk assessments, and driving security initiatives. This role also involves overseeing remediation efforts with strong governance, addressing identified risks and vulnerabilities, and developing strategies to enhance overall security posture and ensure compliance.
Responsibilities:
Risk Management & Security Assessment
- Conduct comprehensive risk assessments and security evaluations for on‑premise and cloud applications and infrastructure.
- Identify and assess threats, vulnerabilities, risks, and potential attack vectors, and prioritize mitigation efforts.
- Maintain up‑to‑date security risk assessments and benchmarks for all products, services, and infrastructure within scope.
- Assess and manage IT risk treatment for new projects and infrastructures, ensuring security‑by‑design principles are applied.
- Carry out regular security assessments of critical infrastructure, including penetration tests, high‑privilege account reviews, hardening checks, and secure-by-design validations.
Security Governance & Compliance
- Enforce group security policies, standards, procedures, and best practices.
- Evaluate security configurations, policies, and procedures, ensuring alignment with security frameworks.
- Assess compliance with industry standards and regulatory requirements (e.g., NIST, ECB, SOC 2, PCI‑DSS, OWASP).
- Develop and maintain risk management frameworks, playbooks, KPIs/KRIs, and security reporting dashboards.
- Disseminate updates to group policies, standards, and IT governance decisions across the reporting department.
Security Operations & Incident Management
- Act as the primary security expert and point of contact for operational security and risk management activities.
- Perform day‑to‑day security validations and manage security exceptions.
- Drive global security programs such as penetration testing and vulnerability management.
- Lead resolution of security incidents and contribute to post‑mortem investigations.
- Coordinate remediation of critical vulnerabilities with technical teams, SOC, and CERT.
- Alert management promptly upon detecting security anomalies within the functional scope.
Audit & Stakeholder Coordination
- Contribute to internal and regulatory security audits.
- Monitor and coordinate treatment of security risks and ensure timely closure of audit recommendations.
- Communicate regularly with stakeholders regarding security risks, mitigation plans, and audit statuses.
- Provide clear security recommendations and risk insights to leadership and technical teams.
Profile required
- 10+ years of experience in operational security and risk management domains.
- Strong understanding of infrastructure and application security architectures, compliance frameworks, and core risk management principles.
- Proven experience conducting security assessments, risk assessments, and implementing effective security controls across complex environments.
- Excellent analytical, problem‑solving, and communication skills, with the ability to articulate risks and recommendations to technical and non‑technical stakeholders.
- Familiarity with security frameworks, tools, and technologies, including NIST Cybersecurity Framework, ISO/IEC 27001, CIS Benchmarks, OWASP Top 10, CSPM, CWPP, CIEM, and DAST/SAST solutions.
- Relevant professional certifications such as CRISC, CISSP, CCSP, CCSK, or equivalent credentials in risk management and cloud security.
Why join us
We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Business insight
At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!
Still hesitating?
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.
We are committed to supporting the acceleration of our Group’s ESG strategy by implementing ESG principles in all our activities and policies. These principles are reflected in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and our responsible practices for environmental protection.