Security GRC Specialist - Regulatory Lead

Societe Generale

Location: Jersey City, NJ, USA

Date: 2024-09-26T05:43:11Z

Job Description:
Responsibilities

The Security GRC Specialist - Regulatory Lead is an experienced professional in Information Security Governance, Risk Management and Compliance functions. The role involves performing security risk assessments and assessing compliance against cybersecurity-related external requirements (laws and regulations), internal requirements (company policies) and industry frameworks (NIST CSF, ISO 27001, FFIEC CAT), as well as working with other IT and security teams to implement security solutions, test the effectiveness of security controls, and document compliance levels. It is a key role in developing, deploying, and managing the security GRC framework for SG AMER.

ESSENTIAL JOB FUNCTIONS

Cybersecurity Regulatory Lead
• Manage the regional cyber regulatory compliance program, including assessing requirements and communicating and working with internal stakeholders to ensure required controls are in place and supporting documentation is maintained. Review implemented controls for appropriateness, effectiveness, and completeness. Assist with, follow up on, and report on any necessary remediation actions.
• Act as subject matter expert for all DFS500-related matters and ensure the bank maintains and enhances its level of compliance with DFS500 requirements.
• Assist during cyber regulatory examinations by preparing presentations, responses and associated artifacts.
• Act as subject matter expert to develop and maintain an effective FFIEC CAT framework for the bank.
• Manage the FFIEC CAT inherent risk and maturity assessments.
• Develop related reports and metrics.

Security GRC Framework Contributor
• Maintain an in-depth understanding of the broad regulatory landscape impacting business and IT areas.
• Understand the impact of laws and regulations on company systems and technology.
• Map external and internal requirements against the security controls in place.
• Develop and implement the components of the security GRC framework for SG AMER, mapping threats, vulnerabilities, risks, assets, stakeholders, assessments, standards, policies and controls into a holistic lifecycle to achieve "Assess and Test Once, Report Multiple Times".
• Actively manage the security GRC framework by:
  • Performing security risk assessments to identify residual risks and control gaps
  • Ensuring client, regulatory, and internal requirements are met consistently and effectively
  • Ensuring the required and expected controls are in place and working as intended
  • Reviewing and maintaining security policies, standards and procedures as needed
  • Recommending tooling and process improvements for the Security GRC function, including automation
  • Providing multi-level reporting to stakeholders in the company
• Build partnerships across the organization (Audit, Legal, Compliance, Information Technology, business operations, Risk Management, etc.) to ensure the security GRC program is aligned with business objectives and requirements.

Documentation, Reporting & Analytics
• Contribute to the reporting framework that will provide regular metrics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks and current gaps.

Profile required

KNOWLEDGE AND EXPERIENCE
• 8-10 years' demonstrable experience in security GRC, security project management, and other security practices
• Working knowledge of relevant cybersecurity and data privacy regulations
• Knowledge of common security frameworks (NIST CSF, ISO 27001, COBIT, FFIEC CAT, etc.)
• Proficiency with MS Office, project management processes, and at least one GRC tool (experience with RSA Archer highly preferred)
• Solid understanding of common security topics (e.g., application security, infrastructure security, vulnerability management, identity and access management, data protection, cyber incident response, cloud security, etc.)
• Strong analytical, problem-solving, project/program management and presentation skills, and strong oral and written communication skills, including documentation of requirements
• Experience in managing risk and compliance (IT audit, IT or cyber risk management, regulatory compliance)

EDUCATION/CERTIFICATIONS
• Degree in IT, Computer Science, Cybersecurity, or a related subject required
• Certified training in security management, risk and compliance solutions and practices
• Has achieved, or is able to work towards, at least one Information Security or Risk Management certification (Security+, CISSP, CCSP, CCSK, CISA, CISM, GSEC, CRISC, etc.)

Why join us

Business insight

OUR CULTURE: At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate. For more information about our Culture and Conduct initiatives, please visit this link.

Our Diversity & Inclusion Mission: Recruit, develop, advance, and retain a diverse workforce that is united in our efforts to enhance our competitive position and deliver innovative solutions to our clients.

Our Diversity & Inclusion Vision:
• Engaged workforce that is demographically diverse in a way that reflects the communities in which we operate
• Inclusive culture and workplace that recognizes employees' unique needs and utilizes their diverse talents
• Engage our community and marketplace, and position the organization to meet the needs of all its clients

For more information about our D&I initiatives, please visit this link.

WORK ENVIRONMENT: For most positions, Societe Generale offers a hybrid work arrangement that gives employees the flexibility to work remotely as well as on-site, in order to promote interaction and collaboration with colleagues while adhering to all SG standard protocols. Hybrid work arrangements vary based on business area. The applicable business lines will determine and communicate the work arrangements that best meet their business needs.

COMPENSATION & SALARY RANGE: The base salary range does not include overtime pay, bonus and/or other benefits, where applicable. The actual base salary offer will vary based on skills and experience.

Reference: 24000KRT
Entity: SG AMERICAS OPERATIONAL SECURITIES
Starting date: 2024/10/21
Publication date: 2024/08/20
Salary or Compensation Range: $114,000 - $216,000
