SG CIB is the Corporate and Investment Banking arm of the Société Générale Group. Present in over 50 countries across Europe, the Americas and Asia, SG CIB provides corporate, financial institutions, investors and public sector clients with value-added integrated financial solutions.
In alignment with the Head of Security and Anti-Fraud Expertise (SAFE) Information Security, Asia Pacific to ensure Global Banking & Investor Solutions' (GBIS) Information Risk & Security coverage strategy.
This role acts as a subject matter expert and part of the regional team managing Cybercrime, Application Security, Identity Management, Technical surveillance and response to Security Incidents.
- Perform software security testing at a unit, functional, and system wide level
- Act as Software Security resource on assigned projects
- Analysis of security logs/events and escalation of security incidents
- Perform manual and/or automated secure code reviews
- Support application security initiatives and related remediation activities globally
- Conduct security risk analysis of business and technology projects
- Proactively work with product development teams to identify security requirements
- Develop and deliver software security focused training in coordination with our global teams
- Produce monthly security key risk indicators for senior management
- Participate in project work sessions and assist in developing solutions leveraging core risk and security policies as they relate to Infrastructure security
Projects / Regulatory Compliance
- The Application Security activity encompasses controls taken throughout the code's life-cycle to prevent gaps in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.
- This starts with application criticality evaluation and ownership definition, and includes review of all IT projects against security policies, and industry accepted effective practices, vulnerability scanning of our most critical applications from the front end to the back end in partnership with the infrastructure and development teams, coordination for the remediation of found issues and enforcement of compliance with security policies through regular controls and spot checks, and awareness to IT teams on secure development lifecycle and source review.
- The Operation Security Manager serves as the go-to person on software security controls and best practices for the Americas. The successful incumbent will also work closely with Application Security analysts, who will assess software security by performing security testing in partnership with external ethical hackers, participate in code reviews and work in partnership with software development teams to ensure that appropriate software security controls have been designed and built within applications, assess the criticality of all business applications, perform risk reviews of vendor packages, produce management key risk indicators on a regular basis, project manage specific security initiatives and represent our region to Application Information Security global committees.
Participation in Committees
- Contribute to projects initiated by Paris head office or the regions.
- Handling of regulators across the region as well as lateral peer groups including Computer Security, Human Resources, Legal, Compliance and front office. Where required, the candidate will assist in senior management meetings and communication.
- Participate in regular functional meetings with the global and aligned team
- Participate in stand-up delivery meeting every morning
- Regarding incident related matters, participate in weekly Incident Review meeting of SAFE Asia
- Participate (as needed) on global forums (Control Review Board, Global Security Incidents, Investigations and tool related meetings)
- Participate in meetings in relation to kick-start of IT partner projects
- Bachelor's degree in Information Technology or equivalent
- Professional qualification such as ITIL, CISM, CISSP
- Experienced Security Expert with 5-8 years of relevant experience
- Strong understanding of IT infrastructure and IT applicative framework architectures
- Strong background in Information and Computer Security
- IT Production awareness and ability to understand complex issues quickly and set priorities according to technical as well as strategic considerations
- Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level
- Client oriented mindset, results driven, proactive and quick to react to requests
- Innovative, bringing new ideas to improve processes.