- Minimum of 10 years of experience in a relevant role, with a proven track record of managing large, geographically dispersed teams, Cyber certificate an added advantage;
- Strong understanding of Infosec, risk management, IAM concepts, and PAM concepts;
- Excellent communication skills and the ability to articulate technical concepts to non-technical stakeholders;
- Proven experience in generating KPIs and developing dashboards for effective reporting;
- Strong organizational and leadership skills, with a focus on achieving operational excellence.
Societe Generale Global Solution Centre (SG GSC) acts as a business solution center for Societe Generale, one of the largest European financial groups. If you are looking for a great career opportunity within the IT world, then you are in the right place.
Our IT Filiere has over 800 IT professionals, delivering services on four perimeters\: Retail Banking, Security and Infrastructure, Internal Support Applications and Investment Banking. And our team is ready to expand and find new awesome colleagues to embark on this journey.
We want to provide you a meaningful career where you feel authentic and love your job. Day after day. Your tasks will be diverse but will have one thing in common\: they will be useful to the community – on local levels and even global scales. Join us in shaping the world of tomorrow. The Future is You!
The Cybersecurity Governance Lead position is a pivotal role within the Group Cyber Filière, in charge of ensuring that identified risk priorities are translated into operational controls effectively deployed, industrialized and onboarding all BU/SU stakeholders with common standards.
Specifically, you will be required to:
- Define the need for cyber controls together with Cyber communities, and leads the control pre-design (i.e. business case, control macro-process);
- Define the budget needs for CHANGE (engines developments, etc.) and RUN (control and local teams resources involved, etc.);
- Set up operationally the control by recruiting the resources and documenting the procedures based on control predesign and Group standards;
- Work closely with development teams [ex. DDS, CFT…) to Set up technically the control; identify in particular the control engines and remediation requirements;
- Onboard entities’ people and assets within the control process (from detection via control engine to remediation, including assets’ compliance with technical prerequisites and teams’ change management);
- Manage security events (prequalification, qualification with remediation actors, closure) and implement derogations & risk acceptance (ex. whitelist update...);
- Produce RUN reporting and indicators (e.g. control deployment status, KPI about security events, follow-up of escalations, KRI…);
- Monitor if the control is covering the risk and running as expected, and report any issue to the relevant stakeholders;
- Improve continuously the control in term of tooling (improve detection, etc.) and process to maximize the risk coverage.