Responsibilities

The country CISO (Chief Information Security Officer) in China is responsible for coordinating and delivering locally on the application of group cyber security policies and standards in line with local regulation. The CISO is responsible for implementing, enhancing and overseeing the information security framework locally, with strong synchronisation with regional Cybersecurity experts and functional reporting to the regional CISO. The CISO is also responsible for regulatory interactions and maintaining ongoing compliance.

This is an individual contributor position where first-hand experience and technical knowledge in performing cyber security functions such as cyber risk assessments (e.g. of IT systems or third parties) and management of local cyber incidents are required.

Main Responsibilities as CISO

  • Lead response on Cybersecurity towards regulatory requests, RISQ / audit / inspection or regular submissions, ensuring timely and accurate reporting and communication
  • Monitor and ensure compliance (coordinate gap analysis and follow-up remediation plans) against local regulations, global policies, and standards related to Cybersecurity
  • Responsible for the local implementation of the regional Cybersecurity remediation program aiming to reinforce prevention, protection, detection and response capabilities
  • Lead response to local Cybersecurity incidents in coordination with the regional incident response team
  • Support local Business Units and Service Units in their transformation, providing adequate guidance on Cybersecurity subjects in liaison with regional Cybersecurity experts
  • Work with all the local Business Units and Service Units to determine possible cyber risks and relevant mitigations
  • Evaluate and manage local security exceptions in alignment with global standards
  • Be a subject matter expert on subjects such as Cybersecurity regulations, Identity and Access Management, Application Security, Third Party Security, Cloud security, Data protection and Incident management
  • Deliver relevant awareness and training adapted to the current threat landscape
  • Maintain and continuously improve the bank's cyber defense capabilities through operational monitoring of anomalies, incident management,
  • Define and implement the local Cybersecurity governance in alignment with local regulation, global and regional standards and practices
  • Ensure alignment with regional CISO on Cybersecurity strategy, objectives and initiatives including interactions with regulators
  • Maintain close interaction with regulators for all aspects related to Cybersecurity
  • Oversee closure of regulatory recommendations
  • Work closely with Compliance to understand impact of new/existing Cybersecurity regulations

Profile required

Academic Background and Certifications, Experience

  • Bachelor's degree in Information Technology or equivalent
  • Professional qualification in information security management such as CISSP, CISM, CISA
  • Experienced Security Expert with 10+ years of relevant experience
  • At least 10 years in banking or relevant industries
  • Significant experience in interacting and managing compliance with Banking regulators

Operational Skills

  • Direct experience in running cyber security reviews/audit, IT cybersecurity risk assessments, third party cyber risk assessment
  • Solid understanding of information security concepts, frameworks, standards and best practices
  • Strong understanding of IT infrastructure and IT applicative framework architectures
  • Strong knowledge of local and global regulation and requirements
  • Proven ability to interact with regulators and other external parties on information security matters
  • Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level
  • Client oriented mindset, results driven, proactive and quick to react to requests
  • Innovative and bringing new ideas to improve processes.

Behavioral Skills

  • Client - Risk: I strive to satisfy clients/internal partners while taking into account risks for the company
  • Commitment - Inspiration: I communicate a clear vision and strategy
  • Responsibility - Courage: I express my convictions and make decisions with courage
  • Responsibility - Risk awareness: I am constantly on the lookout for risks
  • Commitment - Exemplarity: I embody the Group’s values
  • Innovation - Simplification: I make things & ideas simple

Business insight

Company Description

Societe Generale is one of the leading European financial services groups. Based on a diversified and integrated banking model, the Group combines financial strength and proven expertise in innovation with a strategy of sustainable growth. Committed to the positive transformations of the world’s societies and economies, Societe Generale seeks to build, together with its clients, a better and sustainable future through responsible and innovative financial solutions. Active in the real economy for over 150 years, with a solid position in Europe and connected to the rest of the world, Societe Generale has over 117,000 employees and supports 25 million individual clients, businesses and institutional investors worldwide (figures as of August 2023). We have a presence in 11 locations across Asia Pacific. With our regional headquarters in Hong Kong – a core hub of the worldwide Societe Generale Group – we employ around 2,300 employees in the region. In addition, Societe Generale's Global Solution Centre (SGGSC) in Bangalore and Chennai supports the Group in Asia Pacific and globally with customised business solutions.

Department Description

Reporting within the Global Business Service Unit (GBSU) to the IT Risk And Production Management (RPM) department, the Data & Cybersecurity (DCS) team is responsible for securing and steering Information Security and Cybersecurity related risks falling under Global Banking & Investor Solutions' (GBIS) remit.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Confirmed 13 hours ago. Posted 16 days ago.