Environment The Regulatory Oversight and Cyber Security group (ROCS) is responsible for the identification, assessment, monitoring, remediation and reporting of operational risks within the Global Banking Investor Solutions division(GBIS). The Data & Cyber Security group is responsible for management of Information Security and Cyber Security frameworks for the entire perimeter. The Senior Security Engineer provides security technical expertise and guidance to the various teams responsible for the deployment and management of the bank's infrastructure and network programs. More specifically, the ideal candidate works side by side with technical and project teams to ensure that security best practices and required controls are in place throughout the bank's infrastructure and network. It is essential that the candidate be able to demonstrate practical and in-depth knowledge of security engineering practices and processes including the use of various security tools such as IDS/IPS, AV, IAM, Firewalls, Endpoint, etc. It is preferred that the candidate possess a solid knowledge of the regulations (e.g., FFIEC, FDIC, SEC, DFS500) and best security practices (e.g., NIST, ISO) applicable to the financial industry. The ideal candidate is an excellent communicator, able to translate technical language into business and risk language. Collaboration is key as the position requires working across multiple teams inside and outside of the CISO organization (regionally in the Americas and globally).
Mission Day-to-Day Responsibilities:
Working with the technical teams, test, select, architect, and deploy security technical solutions and processes for the bank's infrastructure and network
Once engineering work is completed on projects and tool deployment, develop on-going and sustainable documentation to support all new tools, processes, etc.
Support continuous monitoring activities such as vulnerability scanning in collaboration with the VM team
Offer consultation to the CISO and the security incident task force once a security incident/breach has occurred
Participate in "routing meetings" to ensure data security and protection controls are embedded in new applications/systems before going into production
Collaborate with the Application Security Engineer and their team on projects as needed
Provide support in all aspects of security engineering, security tools and processes during audit and regulatory exams
Collect and automate (whenever possible) security metrics to demonstrate risk reduction for the bank and to produce reports for multiple audiences such as executive management (board of directors, e.g.), auditors, technical staff, etc.
Contribute to the global strategy and roadmap to ensure security activities are effectively reducing the bank's risk exposure due to confidentiality/integrity issues, data leakages/thefts, unsecure systems, and other threats/risks
Contribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to the CISO and other key stakeholders throughout the bank
Manage any security business practice irregularities, violations and infractions including exceptions, risk memos, security position memos
Prepare annual detailed plans for security reviews/audits and any other compliance tasks required internally or externally (e.g., firewall rule reviews)
Act as a subject matter expert and advisor with regards to security engineering requirements for all stakeholders
Profile Technical Skills:
Strong knowledge of operating systems, relational database architecture, client/server technology, wide and local area networks, communications protocols, real-time systems, mission-critical systems, and various types of computer equipment, operating systems, etc.
In-depth and hands-on experience with network security solutions such as Firewalls, IPS/IDS, Web Application Firewalls, Network Monitoring systems, VPN, etc
Extensive training in engineering disciplines including systems programming, systems design, computer technology, and software disciplines
Operations management, project management, and system implementation management skills
Ability to influence the IT organization in integrating security measures and tools in their systems
Strong analytical skills, problem solving skills and project management skills
5-7 years' work experience in network support, programming or operations required
3-5 years' hands-on work experience in various security domains including security technologies
Past experience managing small to mid-sized teams
Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MIS required
Certified training in security management, risk and compliance solutions and practices. CISSP, CISA, CISM, GSEC, CRISC, or related certification(s) required
Internal Number: 5931659
About SOCIETE GENERALE
eFinancialCareers is a career site specializing in financial services.