Operational Risk Officer - Cybersecurity Risk

Societe Generale

New York, NY, USA
Posted on Sep 18, 2025

Responsibilities

The Head of Cybersecurity Risk is seeking to hire a Cybersecurity Risk Manager to join the RISQ/NFR organization.
This role is responsible for proactively identifying, assessing, mitigating, and reporting cyber risks across the organization, with a strong emphasis on influencing stakeholders at all levels. As a senior position, it requires the ability to effectively engage with senior leadership to drive strategic decisions while also collaborating with teams across the organization to foster a risk-aware culture. Deep expertise in cybersecurity, regulatory compliance, and risk governance is essential to ensure robust protection and alignment with industry standards. Exceptional communication and leadership skills are critical to building trust, driving alignment, and ensuring the successful implementation of cybersecurity practices.
Key areas of cyber risk coverage include reference cyber processes and controls, including Application Security, Infrastructure Operations, Threat Intelligence & Detection, Identity and Access Management, Data Protection, Network Security, and Cybersecurity Incident Response. The Cybersecurity Risk Manager will be responsible for assessing and evaluating overall cybersecurity risk, maintaining an active overview, and reporting on actual, mitigated, and residual cybersecurity risks within the organization.
Additionally, this role will contribute to the enhancement of second line of defense practices in cybersecurity risk, which encompasses assessments, lifecycle practices, operational incident response, service delivery, and business continuity planning (BCP).
Day-to-day responsibilities include, but are not limited to:

  • Conduct a comprehensive range of technology and cybersecurity risk management lifecycle activities, including risk identification, assessment, reporting, and oversight of remediation planning and execution. This includes performing technical cyber risk assessments in areas such as network security, infrastructure operations, security operations center (SOC), application security (e.g., SAST/DAST), and cloud security (e.g., Azure), as well as evaluating third-party, application, database, infrastructure, and network penetration testing.
  • Collaborate with the Chief Information Security Officer (CISO) and IT organizations to establish standards and policies and develop key risk indicators (KRIs) and key performance indicators (KPIs) for the continuous measurement and monitoring of cyber risks.
  • Manage the IT and Information Security Risk Program using frameworks like FAIR, conducting assurance of cybersecurity controls and recommending enhancements to architectures, processes, and controls to strengthen risk management and regulatory compliance.
  • Evaluate the accuracy, completeness, and sufficiency of the risk management governance framework, processes, and methodologies, while identifying and defining emerging cyber threats and risks to Société Générale’s environment. Challenge critical and highly sensitive processes and controls, including business continuity measures.
  • Develop cybersecurity risk scenarios to identify potential attack vectors and tactics, techniques, and procedures (TTP) to enhance the firm’s cyber defense posture. Lead and support selected cybersecurity remediation efforts and engage in strategic planning with the first line of defense (1LOD).
  • Create and implement tools for aggregating and monitoring cybersecurity, data, and technology risks. Identify legal, regulatory, and contractual requirements, along with organizational policies and standards related to data management systems, to assess their potential impact on business objectives.
  • Enhance operational risk processes, data collection, and issues management tools to track and report operational risks and issues. Participate in reviews of data breaches and technology incident response escalation processes.
  • Actively participate in and conduct reviews and challenges during the Bank's Cybersecurity Tabletop exercises.
  • Ensure compliance with information security industry regulations and standards specific to the AMER regions, while aligning with broader organizational policies and global best practices.