This job has expired, please see additional jobs below
Cyber Security Risk Analyst
Societe Generale
New York, NY, United States
Job Details
Environment
Societe Generale Corporate & Investment Bank (SGCIB) is a leading player with a presence in 33 countries across Europe, the Americas and Asia-Pacific. SGCIB tailors solutions for issuers and investors by capitalizing on its worldwide expertise in investment banking, global finance, and global markets. SGCIB is part of Societe Generale, one of the largest financial services groups in the world with 160,000 employees across 77 countries. Based on a diversified universal banking model, the Group combines financial solidity with a strategy of sustainable growth and aims to be the relationship bank of choice that is recognized for the quality and the commitment of its teams.
Independent from the Business Lines, the Risk Management (RISQ) Division's mission is to contribute to the development of the SG Group's activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring. The RISQ division in the US supports all the activities in the Americas Region (US, Canada and Latin America), which is almost exclusively corporate and investment banking (GBIS) oriented.
Mission
Day-to-Day Responsibilities for the Cyber Security Risk Analyst include:
• Performing technology risk assessments and reporting on findings, consulting on remediation plans, tracking status, aggregating results and reporting to Management.
• Documenting results of assessments and verification activities
• Performing deep-dive controls testing for high risk areas for independent validation of issues and remediation efforts
• Validating effectiveness of current controls and identifying potential gaps
• Reviewing assessment results for vulnerabilities, gaps, and control deficiencies and working with business stakeholders to establish plans for sustainable resolution
• Providing guidance for technology processes and procedures to be documented and assisting in collecting necessary documentation to facilitate the process.
• Performing engineering reviews of security control modification proposals and determining the effectiveness of the proposals while determining their ability to meet SG standards
• Speaking and understanding terminology, especially that related to Cyber Security assurance
• Producing and maintaining metrics based on the assessment framework
• Determining potential impact of detected gaps and translating that into risk within the established framework
• Developing situational awareness and staying informed of current technology and vulnerabilities
• Performing any tasks to ensure that the Cyber Risk Management Team meets its commitments
Profile
Qualifications:
• Working knowledge of security domains, auditing standards and frameworks, and risk analysis frameworks including FFIEC, NIST Cyber Security Framework, COBIT, etc.
• Knowledge of domestic and international regulatory requirements is a plus
• A broad and diverse security skill-set with advanced understanding of both technical and non-technical controls, and the ability to effectively apply this knowledge when performing assessments
• A minimum base knowledge of networking components and various operating systems and cloud environments
• Ability to identify, assess and document the severity and potential impact of risks and communicate risk assessment findings to risk owners in a way that consistently drives objective, fact-based decisions
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate actions
• Ability to understand and communicate the business needs and a commitment to delivering high-quality, prompt, and efficient service to the business
Experience Needed:
• 5+ years of experience in information security or related technology experience required
• Experience in the securities or financial services industry is a plus.
• Cybersecurity related experience in enterprise architecture or engineering
Educational Requirements:
• Bachelor's degree in computer science or a related discipline, or equivalent work experience required
• One or more of the following certifications – CISSP, CISA, CRISC.
• Any other security-related certification considered a plus (CEH, Security+, etc.)