Cybersecurity Manager

Societe Generale Global Solution Centre (SG GSC) acts as a business solution center for Societe Generale, one of the largest European financial groups. If you are looking for a great career opportunity within the IT world, then you are in the right place. 

Our IT Filiere has over 800 IT professionals, delivering services on four perimeters: Retail Banking, Security and Infrastructure, Internal Support Applications, and Investment Banking. And our team is ready to expand and find new awesome colleagues to embark on this journey. 

We want to provide you a meaningful career where you feel authentic and love your job. Day after day. Your tasks will be diverse but will have one thing in common: they will be useful to the community – on local levels and even global scales. Join us in shaping the world of tomorrow. The Future is You! 

The ISR TCF Manager in GSC RO is accountable for the management of ISR/TCF controls related to IAM Recertifications (User and IT Recertification) and management of running periodic Campaigns that are strategic and critical for Security controls operations within the Global GCOO organization. 

ISR/ TCF is the Information Security & Risks – Transversal Cyber Function (ISR/TCF) within the Global ISR organization. 

The Manager of ISR/TCF team will have the functional responsibility in capacity of the PO (process Officer) towards Identity & Access Management (IAM) team which oversees the Recertification campaigns for the group.  As the PO for IAM and responsible for improving:

• The standardization of the controls (aligned the WHATS campaign to the IAM IT Standard;
• Design and keep the standards of Quality Control on all WHATS campaigns;
• Contribute to the IAM community by proposing standardization and leading transversal topics around controls effectiveness;
• Lead the IAM process workflow discovery/documentation effort, etc) and contributing to local and global transformation at ISR community level;
• Create and update MyCyberRisk (MCR) reporting and control integration to MCR;
• Ensure the yearly evaluation process of the control under his supervision for the Barometer. Adapt the controls to the SG NIST framework requirement. And formalize the evidences needed to support these evaluation;
• Ensure that the managerial control through MyControl are performed in the frequency that is adapted to each control.

In addition, the ISR/TCF PO will also be responsible for leading the local ISR/TCF team in GSC RO and the responsibilities will include (but not limited to):

• Run and improve continuously the activities managed by the team in coordination with teams in India as well realted to exception management, security risk assestments, security consultancy and others.
• Governance and KPI management - RACI and SLAs with the stakeholders involved in each of the managed processes.  Define and provide KPIs required to steer the performance of the team and activities.
• People management: take in charge the management of the team in Romania from recruitment, performance, workload management, career development for resources reporting to you directly.
• Budget management: to manage the budget, billing, recoveries for the G3C activities out of Romania.
• Operational and Risk Management - Ensure that the managerial control through MyControl is performed in the frequency that is adapted to each control. 
• Be the full process owner and contribute to industrialization of standards and processes, aiming for synergies and continuous improvement. Ensure a fluid communication within the team and with main partners.
• Collaborative mindset: exposure in working with cross-cultural teams and peers in India and France.
• Engage – actively engage with local/global CISOs, Head of IAM community, tooling teams and even the Group CISO on IAM related topics.

The role will have reporting on 2 Axis which are:

•          Global Head of CCM in GSC’s
•          GSC RO Head of CTC (Capabilities and Transformation Centre)

The position will part of the CCM Exco at GSC level and to the Cyber control Exco within France.

General Responsabilities

•           Operational Management for the coordinated team.
•        Establishes the operational objectives and priorities for the teams within the allocated perimeter, as per the strategy of the business line and of the organization. Contributes to achieving the global objectives within the managed perimeter.
• Participates together with the direct manager in defining the budget and monitoring costs. Ensures efficient management of direct costs, mainly through the pyramid / seniority of employees, overtime, training and transportation costs.
• Is Responsible for the implementation of the risk framework through risk assessment, risk monitoring and periodic controls. Proposes & implements improvement actions.
• Collaborates with actors from France, SG GSC Romania and India.
• Alignment on priorities as defined by the GH of CCM globally and contribute effectively to develop the expertise within his/her direct responsibility.
• Is directly involved in specific change Management projects of the department, develops and pursues strategies to ensure the success of the department by acting as an ambassador for ISR / TCF and GSC.
• As the IAM PO (Process Officer), the role will be responsible for:

• Preparation of the IAM campaigns, Running the campaigns, that will included (but not limited to):

             i.  IAM recertifications (DUAR, TAR, WHATS) and IAM controls (POPS bypass, POPS Deprovisioning);

             ii.  Follow-up, UAR orphan accounts coverage, LAC – login collusion;

             iii. Shared folders control, DDT controls);

             iv. IAM user assistance services and IAM processes analysis.

• Ensure reporting from campaigns is completed as per the policies defined by CCM and TCF global organization;
• Ensure accuracy and Quality of reporting data following Identify and Access Lifecycle;
• Review progress on the Audit recommendations (if any) in a timely manner with adequate governance and control;
• Ensure that the managerial control through MyControl is performed in the frequency that is adapted to each control;
• Ensure to provide the right level of support to the governance leads and campaign managers and be the 1st level for escalation for the IAM recertification process;
• Take Full Accountability of NIST/ECB, better integration with communities and CISOs etc;
• Build a view on strengths, develop knowledge of the different processes and focus on areas of priorities and grow seniority within TCF perimeter in RO.

       9. Manages and supervise campaigns according to ISR standards and quality. 

• Guarantees the quality of deliverables under his/her responsibility (formalization and accuracy) while seeking to maximize value delivered:
• Takes lead on operational tpics to ensure the proecesses and activities are reviewed on regualr periodicity to ensure robust knolwedge management and processes are put in place and is contribting to simplicatio of processes where needed. 
• Monitors performance to ensure that teams will achieve all the objectives defined in the specific  role objectives.
• Follows the performance of the teams managed, supporting the identification of corrective actions, if necessary, and opportunities for improvement.
• Supports subordinates in complex situations, representing the level of escalation for complex situations and problems reported by partners.
  

  10. Team Management

·       Provides guidance and leadership for the teams he/she is coordinating. Inspires teams to strive to exceed defined objectives where possible, and to identify opportunities for continuous improvement of their own performance;

·       Promote operationnal efficiency initiative by finding ways to organize the team in the most efficient way to deliver the services. Propose arbitration to the management to support this;

·       Ensures an ethical, inclusive, balanced work environment focused on communication, continuous learning and engagement;

·       Constantly monitors the degree of satisfaction and commitment of the teams, taking the necessary actions to increase the engagement level and is actively involved in the selection process of new team members;

·       Ensures the team has the adequate competencies (soft/hard) to fulfill its responsibilities. Creates and follows the annual training plan for the team, ensuring that each team member has an individual development plan. Collaborates with the Learning & Development department to implement individual development plans;

·       Guides and assists team members during their professional development (identification of professional opportunities, training / development needs). In this sense, s/he ensures that s/he organizes with each subordinate at least one annual career discussion;

·       Ensures the existence of succession plans for key positions in the department;

·     Provides operational, organizational and management support to team leaders/ other subordinates.

Technical Skills/ Knowledge needed for the role:

•       Technical Background of IAM Arc for efficient coordination and arbitration;
•       Cyber Security knowledge – understanding of security best practices, Frameworks (NIST, ISO 27001) and security compliance standards (GDPR, SOX, etc.);
•       Strong analytical skills to - Identify, Assess and Mitigate IAM related risks;
•          Experience with Privileged Access Management (PAM) tools;
•       Problem solving and Leadership skills in managing IAM projects, Migrations and / or implementing new IAM solutions;
•           Robust understanding of the IAM framework, platforms such as SailPoint and MS Azure AD.

Leadership skills for the Role:

• Strong organizational skills to handle multiple priorities effectively.
• Ability to analyse complex issues and devise efficient solutions.
• Robust communication with ability to translate technical concepts to non-technical stakeholders.
• Collaboration with IT teams, Security teams and BU / SU to align IAM priorities.
• Team Management experience working in a multi-cultural environment.