Information Security Specialist

  • Competitive
  • Hong Kong Hong Kong Hong Kong HK
  • Permanent, Full time
  • Societe Generale
  • 15 Aug 18 2018-08-15

Information Security Specialist


Environment

Societe Generale is one of the leading European financial services groups. Founded in 1864, we have been playing a vital role in the economy for over 150 years. With more than 148,000 employees based in 76 countries worldwide, we accompany 32 million clients throughout the world on a daily basis. Based on a diversified universal banking model, the Group combines financial strength with a strategy of sustainable growth.

Our expertise in the Asia Pacific region ranges from Corporate & Investment Banking (Advisory, Financing and Global Markets) to Asset Management, Securities Services, Trade Finance and Cash Management Services. Leveraging on our formidable global footprint, we serve Corporates, Financial Institutions and the public sector. With our regional headquarters in Hong Kong, we operate in 11 countries across Asia Pacific, employing over 6,600 employees. You can find us in Beijing, Seoul, Tokyo, Singapore, Mumbai, Sydney and other locations in the region.

At Societe Generale we have developed - and continue to develop - advanced programmes to support your career development. A diverse and comprehensive Learning & Development programme, a Junior programme for graduates and a Remuneration policy that stimulates your growth are just a few examples that illustrate how we help you to fulfil yourself personally and professionally, and how we develop your ability to adapt to ever-changing environments and transform challenges into opportunities.

RESG/GTS in Asia currently supports Société Générale's IT infrastructures including workstations, computing centres, IT & telecom networks, and remains a major player in the group's digital transition. GTS works in close liaison with Paris to ensure the service continuity to our clients including GBIS, Securities & Private banking. With more than 140 staffs onshore and offshore, RESG/GTS/ASI supports around 3000 users.

GTS/SEC is the operational risk management and security management function of GTS. Being the first line of defence for Societe Generale, its main objectives includes:

  • Improve the level of operational risk and security management for GTS
  • Enhance the tools and processes to meet new challenges in security
  • Meet regulatory expectation around risk management and Cybersecurity
  • Raise Security Awareness for SG staffs


Mission

Responsibilities:




  • Work closely with SOC in daily operation and review security requirements
  • Exception management: Evaluate and manage infrastructure security exceptions
  • Vulnerability management: Conduct scan, reporting and remediation follow-up
  • Incident management: Report and follow security incidents and their remedial actions
  • Change management: Conduct security assessment for infrastructure changes
  • Review security architecture proposed by other infrastructure teams
  • Deliver innovation initiative to improve overall infrastructure security and efficiency
  • Manage and execute the Infrastructure related security projects
  • Be the security Interface with stakeholders at all levels, from technical engineers to senior management locally, regionally and globally
  • Work closely with other risk and security departments, including all 3 lines of defence
  • Facilitate and coordinate Audit and Inspection missions
  • Cyber reporting: Production of various cyber security reporting (KPIs; KRIs). Coordinate among Infrastructure teams to contribute to external stakeholders reporting and requests
  • Coordinate within Infrastructure teams the review and execution of operational / managerial supervision controls to ensure adequate risk coverage and compliance with global / local regulations;
  • Follow-up the correction of managerial supervision anomalies and action plans
  • Risk Control Self-Assessment (RCSA) for RESG/GTS in Asia
  • Manage the CLSA framework of Infrastructure teams
  • Conduct security & risk awareness training to the Infrastructure teams


Profile

Knowledge

  • Expert knowledge in and IT operational risk management
  • Expert knowledge and experience in IT security
  • Professional certification recognized by Regulatory bodies like HKMA, e.g. CISM, CISA or CISSP, is mandatory
  • Knowledge and experience in IT infrastructure (speak the language, expertise not required)
  • Knowledge in technology regulatory requirement like HKMA, SFC, MAS, GDPR, CBIRC, etc. is required
  • Project management experience is desired
  • Knowledge and experience in a banking environment will be beneficial but not essential



Tools


  • Good skills in Microsoft office, especially Excel, PowerPoint
  • Knowledge in programming or hands-on experience in scripting on automation
  • Knowledge in Identity management solution, SIEM, vulnerability management, and other security products

Soft Skills

  • Good verbal, written, and interpersonal communication skills
  • Able to organize time, multitask, and define priorities (autonomy)
  • Able to interact with all level of the organization from operators to executive management members
  • Must be able to work collaboratively within a complex organization, across multiple cultures, geographies and disciplines



Language

  • English proficiency required - other spoken languages in the region or French are a plus.