Job Description
Overview
The Vulnerability Management Lead is responsible for the AMER region’s vulnerability management and configuration management program. The position requires excellent communication skills (written and verbal) and a strong ability to influence others. The ideal candidate will demonstrate practical and in-depth knowledge of running an effective vulnerability and/or configuration management program, including dynamically responding to emerging threats in the financial services industry.
Reference 25000Q4P
Responsibilities
- Lead the AMER vulnerability & configuration management programs – act as the main point of contact and expert in vulnerability management and configuration management, including overseeing the risk of zero-day vulnerabilities, patching/remediation, and risk acceptance of vulnerabilities where appropriate.
- Oversee the discovery, evaluation, and implementation of vulnerability scanning, patch and configuration review, and penetration testing.
- Present operating and steering committees for projects to senior management on a quarterly basis.
- Develop and oversee annual roadmaps of initiatives to align with overall InfoSec and business objectives/strategy.
- Develop and manage detailed vulnerability reviews and assessments, and patching and configuration reviews: (1) Assess potential damage of security flaws and assist in the implementation of corrective actions; (2) Identify, document, and report security issues and concerns to management; and (3) Monitor corrective actions and recommend cost-effective preventive measures to preclude recurrences.
- Review and sign-off on all recommendations on possible improvements resulting from the work performed as part of projects.
- Draft and publish communications for management as new threats emerge.
- Improve the reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to the CISO and other key stakeholders such as the COO, CIO, and CTO.
Required
LANGUAGE: Ability to communicate in English, both orally and in writing, is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States.
Why join us
OUR BENEFITS: Competitive compensation & benefits offering.
WHAT WE DO DIFFERENTLY AT SOCIÉTÉ GÉNÉRALE: Fully sponsored virtual healthcare assistance and Employee Assistance Program for you and your immediate family. Various Employee Resource Groups (ERG) to engage with such as Pride and Allies, American Women Network, Black Leadership Network, One planet, etc. A culture of continuous development with various training programs (online training and coaching platform such as Coursera, GoFluent, Pluralsight, First Finance, and others).
Business insight: Societe Generale is committed to offering an inclusive recruitment experience. If you require any reasonable accommodations during the recruitment process, please let our Recruiters know.
OUR CULTURE: Societe Generale values commitment, responsibility, team spirit and innovation. We strive for an inclusive workplace and equal opportunity. For more information about our Culture and Conduct initiatives, please visit our culture page. D&I: Our Diversity & Inclusion Mission and Vision emphasize an engaged and diverse workforce and an inclusive culture. For more information about our D&I initiatives, please visit our diversity page.
Societe Generale is an equal opportunity employer.