Job Summary: The Information Security and Identity Access Management Officer for India Securities are responsible for overseeing and responding to all information security regulatory matters for the India Securities entity, ensuring compliance with local regulations while aligning with Socit Gnrale Group cybersecurity policies and standards. Furthermore, it has a key role on supporting the implementation of the Identity and Access Management programme on the wide APAC region, including access recertification and application onboarding. In addition, this role provides well-rounded information security knowledge to support a range of transversal cybersecurity functions across APAC, such as regulatory topics and security assessments, working closely with regional cybersecurity experts and reporting functionally to the regional CISO to ensure effective alignment with both Group and regional objectives.

Main Responsibilities:
    Lead internal response on Cybersecurity towards regulatory requests, RISQ / audit / inspection or regular submissions ensuring timely and accurate reporting and communication
    Monitor and ensure compliance (coordinate gap analysis and follow-up remediation plans) against local regulations, global policies, and standards related to Cybersecurity
    Responsible for the local implementation of the regional Cybersecurity remediation program aiming to reinforce prevention, protection, detection and response capabilities
    Support local Business Units and Service Units in their transformation providing adequate guidance on Cybersecurity subjects in liaison with regional Cybersecurity experts
    Work with all the local Business Units and Service Units to determine possible cyber risks and relevant mitigations
    Evaluate and manage local security exceptions in alignment with global standards and regulatory expectations
    Be a subject matter expert on subjects alike Cybersecurity regulations, Identity and Access Management, Application Security, Third Party Security, Cloud security, Data protection
    Deliver relevant awareness and training adapted to the current threat landscape
    Respond to and manage local cyber incidents and crises, in coordination with central threat intelligence and cyber incident response functions, involving internal and external stakeholders as appropriate
    Maintain and continuously improve the bank's cyber defense capabilities through operational monitoring of anomalies, and review of internal and external incidents and near misses
    Definition and implementation of the local Cybersecurity governance in alignment with local regulation, global and regional standards and practices
    Ensure scheduling of Penetration Test / Vulnerability Scans and remediation of vulnerabilities in alignment with local regulatory expectations and global standard
    Ensure alignment with regional CISO on Cybersecurity strategy, objectives and initiatives including interactions with regulators
    Perform project, IT, third party risk assessments and provide guidance on risk remediation
    Participation in the review, analysis and monitoring of the entity operational risks and related regulations
    Participation in the entity Crisis and business continuity coordination
    Support analysis and monitoring of the entity outsourced and off-shored services
    Support ISR regional function delivering and driving on areas such as Regulatory Management, Security Assessments and Incident Response
    50% of workload will act as subject matter expert (SME) in the Identity & Access Management (IAM) domain.
    Support the delivery of IAM topics across the APAC region, working collaboratively with regional and global staff
    Regional IAM SME accountable for standards, best practices, and secure delivery of IAM project, run, and control activities.
    Govern IAM processes and changes, ensuring risk identification, mitigation, documentation, and SOP adherence.
    Oversee IAM control design, effectiveness, and compliance, supporting audits, remediation, and regulatory expectations.
    Drive continuous improvement and automation, coordinating with Cybersecurity, global, and local teams to strengthen access, privilege, and lifecycle controls.

Academic Background and Certifications, Experience: 
    Bachelors degree in information technology or equivalent
    Professional qualification in information security management such as CISSP, CISM, CISA
    Experienced Security Expert with at least 8 years of relevant experience
    Experience with India financial sector regulators mandatory, ideally with the Securities and Exchange Board of India (SEBI)
    Experience and strong understanding of Identity and Access Management topic required, including topic such as privileged access management, access lifecycle, access entitlements management
    Experience with CyberArk related technologies advantageous
    Experience in cyber incidents response advantageous
    Experience with AI advantageous

Operational Skills:
    Solid understanding of information security concepts, frameworks, standards and best practices
    Proven ability to interact with regulators and auditors on information security matters
    Strong analytical skills, and audit mentality
    Strong understanding of IT infrastructure and IT applicative framework architectures
    Strong knowledge of India and global regulation and requirements
    Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level
    Client oriented mindset, results driven, proactive and quick to react to requests
    Innovative and bringing new ideas to improve processes

OUR CULTURE: 
At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate. Please visit our APAC career website: https://www.societegenerale.asia/en/careers/building-your-career-with/ for more information.

DIVERSITY, EQUITY & INCLUSION (DE&I):
Our mission: Recruit, develop, advance, and retain a diverse workforce that is united in our efforts to enhance our competitive position and deliver innovative solutions to our clients.
Our vision: 
    Engaged workforce that is demographically diverse in a way that reflects the communities in which we operate
    Inclusive culture and workplace that recognizes employees' unique needs and utilizes their diverse talents 
    Engage our community and marketplace, and position the organization to meet the needs of all its clients
    Check out our DE&I initiatives: https://www.societegenerale.asia/en/careers/diversity-equity-inclusion-dei/

HYBRID WORK ENVIRONMENT:
Societe Generale offers a hybrid work arrangement that offers employees the flexibility to work remotely, as well as on-site, in order to promote interaction and collaboration with colleagues while adhering to all SG standard protocols.  Hybrid work arrangements vary based on business area.  The applicable Business lines will determine and communicate the work arrangements that best meet their business needs.

Diversity and Inclusion