Department Description

GCOO/GTE in Asia currently supports Société Générale's IT infrastructures including workstations, computing centres, IT & telecom networks, and remains a major player in the group's digital transition. GTS works in close liaison with Paris to ensure the service continuity to our clients including GBIS, Securities & Private banking. With more than 140 staffs onshore and offshore, RESG/GTS/ASI supports around 3000 users.

GTE/SEC is the operational risk management and security management function of GTE. Being the first line of defence for Societe Generale, its main objectives includes:

• Improve the level of operational risk and security management for GTE
• Enhance the tools and processes to meet new challenges in security
• Meet regulatory expectation around risk management and Cybersecurity
• Raise Security Awareness for SG staffs
• RESPONSIBILITIES
• Lead for critical security projects and provide expertise to drive teams the adapt target security standards (i.e IAM/PAM, vulnerability management topics)
• Supervise and communicate on infrastructure security issues related to workplace, hosting and other infrastructure services, ensure the internal security controls are appropriate and operating.
• Provide security expertise to assist the GTE management and other teams to drive security mindsets, perform security /risk assessment.
• Incident management: Report and follow security incidents and their remedial actions
• Innovate, propose and drive continuous improvement on our security measure for the region and to our clients/partners.
• Work together with other security teams (ISR/ SOC, other LODs) to improve our security protection and incident investigation and management process.
• Manage the security production related topics with all the support teams Operational Risks Domain
• Change management: Conduct security assessment for infrastructure changes
• Be the security Interface with stakeholders at all levels, from technical engineers to senior management locally, regionally and globally
• Cyber reporting: Production of various cyber security reporting (KPIs; KRIs). Coordinate among Infrastructure teams to contribute to external stakeholders reporting and requests
• Coordinate within Infrastructure teams to drive and manage security operations and controls
• Conduct security & risk awareness training to the Infrastructure teams

Responsibilities:

• Lead for critical security projects and provide expertise to drive teams the adapt target security standards (i.e IAM/PAM, vulnerability management topics)
• Supervise and communicate on infrastructure security issues related to workplace, hosting and other infrastructure services, ensure the internal security controls are appropriate and operating.
• Provide security expertise to assist the GTE management and other teams to drive security mindsets, perform security /risk assessment.
• Incident management: Report and follow security incidents and their remedial actions
• Innovate, propose and drive continuous improvement on our security measure for the region and to our clients/partners.
• Work together with other security teams (ISR/ SOC, other LODs) to improve our security protection and incident investigation and management process.
• Manage the security production related topics with all the support teams Operational Risks Domain
• Change management: Conduct security assessment for infrastructure changes
• Be the security Interface with stakeholders at all levels, from technical engineers to senior management locally, regionally and globally
• Cyber reporting: Production of various cyber security reporting (KPIs; KRIs). Coordinate among Infrastructure teams to contribute to external stakeholders reporting and requests
• Coordinate within Infrastructure teams to drive and manage security operations and controls
• Conduct security & risk awareness training to the Infrastructure teams

PROFILE REQUIRE

Knowledge

• Expert knowledge in and IT operational risk management
• Expert knowledge and experience in IT security
• Professional certification recognized by Regulatory bodies like HKMA, e.g. CISM, CISA or CISSP, is mandatory
• Knowledge and experience in IT infrastructure (speak the language, expertise not required)
• Knowledge in technology regulatory requirement like HKMA, SFC, MAS, GDPR, CBIRC, etc. is required
• Project management experience is desired
• Knowledge and experience in a banking environment will be beneficial but not essential

Tools

• Good skills in Microsoft office, especially Excel, PowerPoint
• Knowledge in programming or hands-on experience in scripting on automation
• Knowledge in Identity management solution, SIEM, vulnerability management, and other security produc

Behavioral Skills

• Client - Risk: I strive to satisfy clients while taking into account risks for the company
• Team Spirit - Collective mindset: I favour the team's interest over my own results
• Team Spirit - Synergies: I make cooperation with colleagues in and outside my team a priority
• Commitment - Sustainability: I strive to develop my skills and knowledge
• Responsibility - Risk awareness: I am constantly on the lookout for risks
• Responsibility - Performance: I strive for high performance

Our Culture:

At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate.

Please visit our APAC career website: https://www.societegenerale.asia/en/careers/building-your-career-with/ for more information.

Diversity, Equity & Inclusion (DE&I):

Our mission: Recruit, develop, advance, and retain a diverse workforce that is united in our efforts to enhance our competitive position and deliver innovative solutions to our clients.

Our vision:

• Engaged workforce that is demographically diverse in a way that reflects the communities in which we operate
• Inclusive culture and workplace that recognizes employees' unique needs and utilizes their diverse talents
• Engage our community and marketplace, and position the organization to meet the needs of all its clients

Check out our DE&I initiatives: https://www.societegenerale.asia/en/careers/diversity-equity-inclusion-dei/

Hybrid Work Environment:

Societe Generale offers a hybrid work arrangement that offers employees the flexibility to work remotely, as well as on-site, in order to promote interaction and collaboration with colleagues while adhering to all SG standard protocols. Hybrid work arrangements vary based on business area. The applicable Business lines will determine and communicate the work arrangements that best meet their business needs