Chief Information Security Officer
- Hong Kong Hong Kong Hong Kong HK
- Permanent, Full time
- Societe Generale
- 22 Jul 18 2018-07-22
Chief Information Security Officer
"Societe Generale is one of the leading European financial services groups. Founded in 1864, we have been playing a vital role in the economy for over 150 years. With more than 148,000 employees based in 76 countries worldwide, we accompany 32 million clients throughout the world on a daily basis. Based on a diversified universal banking model, the Group combines financial strength with a strategy of sustainable growth.
Our expertise in the Asia Pacific region ranges from Corporate & Investment Banking (Advisory, Financing and Global Markets) to Asset Management, Securities Services, Trade Finance and Cash Management Services. Leveraging on our formidable global footprint, we serve corporates, financial institutions and the public sector. With our regional headquarters in Hong Kong, we operate in 11 countries across Asia Pacific, employing over 6,600 employees. You can find us in Beijing, Seoul, Tokyo, Singapore, Mumbai, Sydney and other locations in the region.
At Societe Generale we have developed - and continue to develop - advanced programmes to support your career development. A diverse and comprehensive Learning & Development programme, a Junior programme for graduates and a Remuneration policy that stimulates your growth are just a few examples that illustrate how we help you to fulfill yourself personally and professionally, and how we develop your ability to adapt to ever-changing environments and transform challenges into opportunities."
This position in Regulatory, Oversight and Cyber Security "ROCS" will be responsible to provide comprehensive and integrated risk management information, as well as management of information security and cybersecurity frameworks for Wholesale Banking perimeter.
The role of CISO is dedicated to strengthen the bank's Information Security Program as part of first line of defense.
CISO is the head of IT security, driving the IT security strategy and implementation forward whilst protecting the bank from cyber security threats. This is a senior position overseeing the management of the cyber security team and act as a change agent to continuously improve information security framework.
- Ensure the full deployment of all information security processes and controls across Asia Pacific locations, in accordance with the global information security strategies
- Understand local regulatory requirements on cybersecurity and define optimized control requirements to mitigate relevant risks. Support local CISO in implementing the cybersecurity program
- Act as the primary control point during significant information security events. Lead security incident investigation and ensure security risks are identified and managed
- Conduct continuous assessment of information security practices and systems and identifying areas for improvement
- Manage the exception framework on Asia Pacific perimeter including validation of exceptions and risk dispensation forms as applicable
- Manage third party risk assessments process to ensure risk transparency and enable risk based decision making
- Coordinate internal and external audit and lead the resolution of audit actions relating to information security
- Represent the region on internal and external committees that relate to information and cyber security
- Report information security risks to the internal control co-ordination committee and being an active member of the senior management team
- Develop and implement a local / regional information security awareness program. Champion and educate the bank about the latest security risks, strategies and technologies
Academic Background and Certifications
University degree in Business ; Relevant professional qualification is desirable
This role requires an energetic self-starter who can liaise with different levels of management both regionally and globally.
- Over 15 years' industry experience in information security
- Preferably with CISO experience in large financial institution
- Industry qualifications such as CISSP, CISA, CISM, CRISC certification
- Extensive experience with regulatory engagements and dealing with compliance subjects
- Experience in managing large scale IT security projects
- Strong knowledge on Asia regulatory requirements
- Ability to work in a matrix organization to build relationship across business functions
- Proven influencing skills and ability to communicate with different levels of management and diverse stakeholder groups
Responsibility - Risk awareness: I am constantly on the lookout for risks
Commitment - Inspiration: I support the vision and the strategy
Team Spirit - Conflict Management: I deal with conflicts proactively and in a positive mode
Client - Understanding and Respect- I listen to clients and colleagues in order to understand and anticipate their needs
Responsibility - Courage: I express my convictions and make decisions with courage and respect.
Innovation - Simplification: I make things & ideas simple
Other behavioral skills
Ability to work in a challenging environment
Critical thinking skills
Interacting with various people