Vice President, IT Operational Security Manager

  • Competitive
  • Hong Kong
  • Permanent, Full time
  • Societe Generale
  • 23 Aug 17

Vice President, IT Operational Security Manager


Environment

SG CIB is the Corporate and Investment Banking arm of the Société Générale Group. Present in over 50 countries across Europe, the Americas and Asia. SG CIB provides corporate, financial institutions, investors and public sector clients with value-added integrated financial solutions.

Mission

Primary Objectives

In alignment with the Head of Security and Anti-Fraud Expertise (SAFE) Information Security, Asia Pacific to ensure Global Banking & Investor Solutions' (GBIS) Information Risk & Security coverage strategy.

This role acts as a subject expert and part of the regional team managing Cybercrime, Application Security, Identity Management, Technical surveillance and response to Security Incidents.

In specifics of areas coverage includes:

  • Contribute to projects initiated by Paris head office or the regions
  • Handling of regulators across the region as well as lateral peer groups including Computer Security, Human Resources, Legal, Compliance and front office. Where required, the candidate will assist in senior management meetings and communication.
Participation in Committees
  • Participate to the regular functional meeting with the global and aligned team
  • Participate to the stand-up delivery meeting every morning, (Incident related) Participate to the weekly Incident Review meeting of Security and Anti-Fraud Expertise (SAFE) department in Asia
  • Participate on need basis to global forums (Control Review Board, global Security Incidents, Investigations, tool related meetings)
  • Participate to the IT partner projects kick-off meeting (aka "routing meeting")


Profile

Key Skill Areas & Knowledge Required

  • Strong understanding of I.T. infrastructure and I.T. applicative framework architectures
  • Strong background of Information and Computer Security
  • I.T Production awareness and ability to understand complex issues quickly and set priorities according to technical as well as strategic considerations
  • Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level
  • Sense of service; results orientation; reactivity
  • Innovative and bringing new ideas to improve processes
  • Perform software security testing at a unit, functional, and system wide level
  • Risk Assessment
  • Assess application criticality and to ensure security reviews are professionally managed, in accordance with existing application security policies and standards
  • Perform information security risk assessments which includes project review, assessment of offshoring agents and services, security exception management, ad hoc spot checks of risky areas as well as other security controls


Incident Response / Investigation

  • Manage the investigation function regionally, by executing sensitive enquiries relating to Information Security breaches (and fraud, when required) in the region
  • This will involve working across various stakeholder groups, including control functions and law enforcement. Also included is the management of the Bank's cyber attack response protocol and following up on other suspicious activity generated by the detection system

Remediation / Awareness

  • Provide Information and Cyber Security training to our business partners to reinforce the information security awareness knowledge and mindset
  • Put Cyber criminality and protection awareness at the heart of the relationship with peers and partners
Projects / Regulation
  • Contribute to projects initiated by Paris head office or the regions
  • Handling of regulators across the region as well as lateral peer groups including I.T. Security, Human Resources, Legal, Compliance and front office. Where required, the candidate will assist in senior management meetings and communication
  • Contact point for regulatory requirements review and discussion
Participation in Committees
  • Regional and global governance meetings and normative committees where required
  • Regular governance committee between SAFE and other Technology teams in Asia
  • Daily team stand-up meeting
  • Regular operational committee of integration projects
  • Participation of various IT initiatives, e.g. Digital Transformation program
Qualifications
  • Bachelor Degree in Information Technology or equivalent
  • Professional qualification such as ITIL, CISM, CISSP
  • Seasoned professional with exposure to IT and Information Security regulations
  • Experience in normative security
  • Excellent communication skills and fluent in English
  • Experienced Security Expert with a minimum of 10 years of experience