Société Générale

Information Security GRC Analyst - Security Awareness & Training Program

  • Internship
  • Montréal (Agglomération de Montréal)
  • IT development

Job description



Responsibilities

Phishing Campaigns

·  Act as the lead for all phishing campaign matters, including execution of weekly campaigns, tracking and reporting on repeat offenders, and coordination with Paris to manage global and local campaigns
·  Review suspicious email reports and follow up with the end users and technical teams as needed to ensure such emails are removed from our environment
·  Act as a subject matter expert and advisor with regards to secure email behavior for all stakeholders
·  Contribute to the enforcement of policy and standard violations
·  Generate phishing metrics across the AMER region

Information Security Awareness Campaign and Training

·  Lead the development and delivery of security training programs and awareness campaigns including e-learning modules, in-person trainings, roadshows, etc.
·  Lead and coordinate security awareness events
·  Provide security practice advice to other non-security professionals, including staff in the business units
·  Maintain the policy and standard documents related to training and awareness
·  Generate security training and awareness metrics across the AMER region

Metrics, KRIs, and KPIs

·  Coordinate with all team members in the CISO's organization to contribute to security GRC metrics, OKRs, KRIs, and KPIs
·  Contribute to the security GRC component of the bank's GRC portal (Archer) in line with our security GRC framework

Documentation, Reporting & Analytics

·  Contribute to the reporting framework to provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc., to better understand risks; report security metrics and statistics to the Director of Security GRC

Third-Party Information Security Assessments

·  Contribute to the maintenance and monitoring due diligence tasks for third-party vendors
·  Assist with reviews of vendor due diligence materials (i.e., SSAE 18 reports), identify potential issues, and follow up for unresolved issues
·  Assist with the performance of information risk assessments for new vendors and critical vendors

Profile Required

Knowledge & Experience

·  4-6 years' demonstrable experience in Information Security, security GRC, security project management, security policy management, and other security practices
·  Proficient with MS Office, project management software, ProofPoint or SwordPhish (or similar phishing tools), and at least one GRC tool (highly recommended)
·  Solid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software) preferred
·  Requires strong analytical skills, problem solving skills, and project/program management skills
·  Solid training in computer disciplines such as application and data security, systems programming, systems design, computer technology or software disciplines
·  Hands-on experience with performing GRC program functions
·  Excellent communication skills

Education/Certifications

·  Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MS required
·  Certified training in security management, risk and compliance solutions and practices
·  CISSP, CCSP, CISA, CISM, GSEC, CRISC, or related certification(s) required

Business Insight

The Information Security GRC Analyst performs Application Sensitivity Assessments (ASA), leads the Application Risk Heatmap process, assists with the creation and generation of Documentation, Reporting, and Analytics, and assists with the creation and delivery of Information Security Awareness Campaigns and other training programs. The position is hands-on and requires strong project management skills and tactical execution. The position requires a solid knowledge of the regulations (e.g., FFIEC, FDIC, SEC, DFS500) and best security practices (e.g., NIST, ISO) applicable to the financial industry. It is essential that the candidate be able to demonstrate practical and in-depth knowledge of security GRC practices and processes, including the use of GRC tools such as Archer and reporting tools such as Tableau.

The ideal candidate is proactive and has a successful track record with execution of programs. The Information Security GRC Analyst is a member of the Security GRC Team and reports to the Director of Security GRC. This position is transversal and requires strong collaboration across the organization (regionally in the Americas and globally with our HQ in Paris).

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Job code: 20000217
Business unit: SG AMERICAS OPERATIONAL SECURITIES
Starting date: Immediate
Date of publication: 12/06/2020
