Chief Information Security Officer
People join for the impact they can have on us. They stay for the impact we have on them. A flatter structure offers visibility and exposure beyond that of our competitors, so you know our names, and we know yours. It's personable, human, and inspires success through passion. By encouraging open-mindedness and a willingness to share ideas, we have adapted to market changes and thrived through innovation. Bringing words like "hard work" and "dedication" together with "community" and "respect" has enabled us to work collaboratively and build our future together. We call this Team Spirit and it's what makes us different. It's what makes you different.
Mission Description of the Business Line or Department
Regulatory Oversight & Cyber Security (ROCS) Operational Security Managers (OSMs) are the 1st Line of Defence (1LoD) entry point for SG's Global Banking & Investor Solutions (GBIS) support units in SGLB and SGIL, on all topics of operational risks (including but not limited to the RCSA process, incident management, fraud, information security, cyber, governance, risk committees, risk reporting, continuity management, other essential services).
Summary of the key purposes of the Role
The main purpose of this role will be to manage for SG Wholesale across 16 countries in EMEA:
- Cyber Security risks in line with risk appetite
- Cyber Security strategy in line with global Wholesale and SG Group security and business strategies
- Cyber Security business as usual functions
The CISO will also need to manage from a Cyber Security standpoint the following stakeholders: Board members, Business heads, Clients, Regulators and peers.
To achieve these goals the CISO will rely on a team of 5 permanent staff which he will have to manage, ensuring culture, conduct, behavioural and leadership models are fully understood and comprehensively applied, and monitoring and supporting their professional and behavioural development.
The CISO will also comply with all internal rules, including Group Conduct, and all local regulations.
Summary of responsibilities
Your main responsibilities will be:
Define and maintain EMEA Cyber Security strategy
- Define strategy based on SG group, Wholesale security and business strategies
- Request funding, steer and deliver relevant Cyber Security projects
Manage relationship with internal and external stakeholders:
- Internal Stakeholders: Board members, Business heads, Risk functions, Audit functions, IT functions
- External Stakeholders: Regulators, External auditors, Peers, Industry wide working groups
Manage Business as Usual security functions
- Perform risk assessments on projects, vendors and new products
- Coordinate penetration tests and vulnerability remediation
- Manage security incidents
- Supervise Identity & Access Management
- Operate controls and remediate anomalies
- Review and challenge Security exceptions
- Enhance setup through Run The Bank (RTB) ad hoc initiatives
Participate in and facilitate Cyber Security committees
- Participate in global committees (Exception Review Board, Policy Review Board, Control Review Board, ISEC Decisional Committee, etc.)
- Facilitate security committees with EMEA locations or Business Units
Change behaviours around security
- Perform tailored awareness actions for Business Units, Support Units and EMEA locations
- Participate in the annual Cyber Security week by providing engaging material that helps shape the behaviours of users in EMEA
Dashboards and Reporting
- Facilitate monthly committees for SGLB and SGIL businesses and IT functions, delivering relevant dashboards
- Follow-up on actions and help consolidation in global dashboards
Manage a team of 5 permanent staff including one in a remote location.
- Define objectives and perform annual review
- Provide regular feedback throughout the year
- Perform administrative follow-up
- Develop and retain staff
The successful candidate will have the experience, gravitas and confidence when briefing senior executives, to deputise for the CISO in a range of committees, internally, but also externally at industry forums.
Level of Autonomy and Authority
You will have a direct reporting line into the head of Regulatory, Oversight, Cyber Security in EMEA.
You will also have a functional reporting line into the Global CISO for Wholesale, who functionally reports into the SG Group CISO.
Profile Competencies
- Graduate from engineering school or University, with a master's degree in Information Technology.
- Cyber security certifications (e.g. CISSP, CISA, CISM) would be a plus.
- Minimum of 10 years IT Security experience, at least 3 of which have been in a management role.
- IT Security experience within Financial Services is important
- Knowledge of Risk analysis methodology
- Knowledge of Cyber security standards and best practices (e.g. ISO 27001, NIST)
- Analytical and strong technical knowledge
- Aptitude for learning new technologies
- Proficient in Microsoft Office suite
- Self-learning and training to ensure skills and knowledge are in-line with responsibilities
- Excellent written and spoken communication skills
- Very good team player with strong interpersonal skills
- Openly shares knowledge with the team
- Fluent in English, fluent in French would be a plus
If you feel you have the required experience and qualifications, then please apply to the SG Resourcing Team, and we will manage your application. At Societe Generale, we believe our people are our strength and are core to the success of our business. As such, we search for, recruit and appoint the best available person on the basis of aptitude and ability, regardless of sex, marital or civil partnership status, race, colour, nationality, ethnic or national origins, pregnancy, disability, age, sexual orientation, religion, belief or gender reassignment.