Chief Information Security Officer

SOCIETE GENERALE Corporate & Investment Banking
in London, England, United Kingdom
Permanent, Full time
Last application, 17 Jun 19
People join for the impact they can have on us. They stay for the impact we have on them. A flatter structure offers visibility and exposure beyond that of our competitors, so you know our names, and we know yours. It's personable, human, and inspires success through passion. By encouraging open mindedness and a willingness to share ideas, we have adapted to market changes and thrived through innovation. Bringing words like "hard work" and "dedication" together with "community" and "respect" has enabled us to work collaboratively and build our future together. We call this Team Spirit and it's what makes us different. It's what makes you different.

Description of the Business Line or Department

Regulatory Oversight & Cyber Security (ROCS) Operational Security Managers (OSMs) are the 1st Line of Defence (1LoD) entry point for SG's Global Banking & Investor Solutions (GBIS) support units in SGLB and SGIL, on all topics of operational risks (including but not limited to the RCSA process, incident management, fraud, information security, cyber, governance, risk committees, risk reporting, continuity management, other essential services).

Summary of the key purposes of the Role

The main purpose of this role will be to manage for SG Wholesale across 16 countries in EMEA:

  • Cyber Security risks in line with risk appetite
  • Cyber Security strategy in line with global Wholesale and SG Group security and business strategies
  • Cyber Security business as usual functions

The CISO will also need to manage from a Cyber Security standpoint the following stakeholders: Board members, Business heads, Clients, Regulators and peers.

To achieve these goals the CISO will rely on a team of 5 permanent staff which he will have to manage, ensuring culture, conduct, behavioural and leadership models are fully understood and comprehensively applied, and monitoring and supporting their professional and behavioural development.

The CISO will also comply with all internal rules, including Group Conduct, and all local regulations.

Summary of responsibilities

Your main responsibilities will be:

Define and maintain EMEA Cyber Security strategy

  • Define strategy based on SG group, Wholesale security and business strategies
  • Request funding, steer and deliver relevant Cyber Security projects

Manage relationship with internal and external stakeholders:

  • Internal Stakeholders: Board members, Business heads, Risk functions, Audit functions, IT functions
  • External Stakeholders: Regulators, External auditors, Peers, Industry wide working groups

Manage Business as Usual security functions

  • Perform risk assessments on projects, vendors and new products
  • Coordinate penetration tests and vulnerability remediation
  • Manage security incidents
  • Supervise Identity & Access Management
  • Operate controls and remediate anomalies
  • Review and challenge Security exceptions
  • Enhance setup through Run The Bank (RTB) ad hoc initiatives

Participate in and animate Cyber Security committees

  • Participate in global committees (Exception Review Board, Policy Review Board, Control Review Board, ISEC Decisional Committee, etc.)
  • Animate security committees with EMEA locations or Business Units

Change behaviours around security

  • Perform tailored awareness actions for Business Units, Support Units and EMEA locations
  • Participate in the annual Cyber Security week by providing engaging material that helps shape the behaviours of users in EMEA

Dashboards and Reporting

  • Animate monthly committees for SGLB and SGIL businesses and IT functions delivering relevant dashboards
  • Follow up on actions and help consolidation in global dashboards

Manage a team of 5 permanent staff including one in a remote location.

  • Define objectives and perform annual review
  • Provide regular feedback throughout the year
  • Perform administrative follow-up
  • Develop and retain staff

Delegated responsibilities

The successful candidate will have the experience, gravitas and confidence when briefing senior executives, to deputise for the CISO in a range of committees, internally, but also externally at industry forums.

Level of Autonomy and Authority

You will have a direct reporting line into the head of Regulatory, Oversight, Cyber Security in EMEA.

You will also have a functional reporting line into the Global CISO for Wholesale, who functionally reports into the SG Group CISO.


  • Graduate from engineering school or University, with a master's degree in Information Technology.
  • Cyber security certifications (e.g. CISSP, CISA, CISM) would be a plus.
  • Minimum of 10 years IT Security experience, at least 3 of which have been in a management role.
  • IT Security experience within Financial Services is important
  • Knowledge of Risk analysis methodology
  • Knowledge of Cyber security standards and best practices (e.g. ISO 27001, NIST)
  • Analytical and strong technical knowledge
  • Aptitude for learning new technologies
  • Proficient in Microsoft Office suite
  • Self-learning and training to ensure skills and knowledge are in-line with responsibilities
  • Excellent written and spoken communication skills
  • Very good team player with strong interpersonal skills
  • Openly shares knowledge with the team
  • Fluent in English, fluent in French would be a plus

If you feel you have the required experience and qualifications, then please apply to the SG Resourcing Team, and we will manage your application. At Societe Generale, we believe our people are our strength and are core to the success of our business. As such, we search for, recruit and appoint the best available person on the basis of aptitude and ability, regardless of sex, marital or civil partnership status, race, colour, nationality, ethnic or national origins, pregnancy, disability, age, sexual orientation, religion, belief or gender reassignment.