Description of the Business Line or Department
The Risk Management (RISQ) Division in the UK: Independent from the Business Lines, RISQ Division's mission is to contribute to the development of the SG Group's activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring. The mission of the Operational Risk Second Line of Defence department (RISQ OPE) is to provide independent, objective and leading operational risk management challenge and oversight services to assist the firm in maintaining an effective system of operational risk management. RISQ OPE conducts the oversight of the governance, risk and control frameworks and tolerances of Operational Risk. RISQ OPE provides proactive advice to help management identify and measure key risks, and to evaluate controls in existing and expanding businesses. An objective is to accompany the employees and raise awareness of the importance of operational risk management, which is based on the principle that "everyone is an operational risk manager". RISQ OPE organises and/or tests the soundness and efficiency of the operational risk framework, especially on governance, risk identification and mitigation as well as permanent controls. The role covers all Business Units and Service Units within the SG International Limited ("SGIL") entity.
Summary of the key purposes of the role
In this role, the Operational Risk Supervisor needs to assess the First Line of Defence (1 LOD) framework in the identification and management of its operational risks, defining and implementing the right remediation plan and challenging, if required, the risk acceptance taken by the business line (through governance such as operational risk committees, or normal day-to-day interaction on incidents...). This role applies to existing business as well as key projects, or by conducting analysis and providing an opinion in new product committees. The Operational Risk Supervisor should also make sure that the first level of control framework (on operational risk) is adapted and efficient. The Operational Risk Supervisor needs to ensure that the processes and governance around operational risk (Incident Collection/Reporting, RCSA, Permanent Supervision, etc.) respect the group policies and norms. He/She will challenge and may conduct investigations/post mortems and follow up on red flags and corrective action items. In case of major risk identification or a risk that is not appropriately managed by the department in charge (or lacking a department in charge), the Operational Risk Supervisor has the duty to escalate the information through the appropriate channel, starting with his/her management. In the context of the Leadership model, the Operational Risk Supervisor will invest his/her time and skills towards team work, act ethically and with courage, propose new ideas and contribute to change management, and finally lead by example and through his/her support to colleagues or other teams. All these actions and values will contribute to the development of client positive impact (client being internal or external).
Summary of responsibilities
Primary Responsibilities as a member of RISQ/OPE
Participate in LOD1 committees such as IT Risk, Information Security and Cyber Security, understand their operational and cyber resilience exposure for the SGIL products, services and processes.
Evaluate the scope of the information security management organization and determine whether essential security functions are being addressed effectively for the following:
Implementation of information security architecture, policies and procedures.
Alignment of information security strategies within business and functional units.
Provide independent opinion, analysis and expert judgement to RISQ/OPE management with an assessment of the effectiveness of the information systems and security management processes. The processes are:
Data management lifecycle and protection management.
Security in project lifecycle which includes applications and IT infrastructure.
Access control and user identity management.
Configuration management of other security tools such as intrusion detection and penetration testing systems and antimalware.
Information security incident management and security forensics.
Review management of information security technologies within SGIL UK, formally challenge governance of information security processes, enforcement of policies and monitoring.
Provide advice on proposals or decisions made by business lines related to processes, tools or solutions related to operational risk management.
Perform independent analysis of the LOD1 reports to provide expert judgement for the areas specific to IT / Cyber incidents, non-compliant information systems, data leakage/breach and non-compliance with the Group's information security policies.
Assess the robustness and sustainability of the Business Continuity Management (BCM) framework and governance of the associated processes embedded with SGIL Business and Service Units. Review adequacy of the BCP test plan and challenge the test results assuring effectiveness of the Business Continuity arrangements.
Develop knowledge (e.g. participate in or engage with industry working groups/forums) and advise on (market) best practices related to risk management.
Produce and animate the necessary operational reporting and governance for the executive committee in line with the local risk teams.
Assist RISQ/OPE with implementation of its wider Operational Risk coverage agenda on such topics as: outsourced services; New Products Approvals; etc.
Participate in or coordinate with other second line teams and third line exercises as well as regulator requests on operational risk.
Delegated responsibilities
May assist or represent the SGIL Head of RISQ/OPE in Risk Committees.
Level of Autonomy and Authority
Operational Risk Supervisors are involved in assessing risks and recommending appropriate mitigating actions or ensuring escalation is taking place. The role also encompasses decisions to norms or existing policies on their perimeter of responsibilities. The Operational Risk Supervisors are allowed to validate exceptions within the risk appetite, where there is no apparent or minimal risk or should escalate to the business or his/her management if not able to make a decision.
All our positions are open to people with disabilities
Competencies
-IT/IS Risk and Cyber Security knowledge
-Operational Risk Processes Knowledge
-Experience in developing and documenting governance processes supporting operational risk frameworks
-Strong understanding and proven capabilities implementing COSO, COBIT, ITIL / ITSM, ISO 27001, NIST (Computer Security and Cyber Security), Business Continuity Planning, etc. industry leading frameworks, standards and guidelines
-Experience in mapping IT/IS Risk and Cyber Security risk, control and regulatory taxonomies
-Experience in developing and documenting governance processes and methodology supporting IT/IS risk and Cyber Security frameworks and policies
-Experience in identifying risk to business service/products and processes
-Underlying business knowledge and experience (Corporate and investment banking environment)
-Knowledge and experience in Operations or Product Control
-MS Office (Power Point, Word or Excel Expert)
-Operational Risk Tools knowledge (SG or Industry)
-Knowledge of tools used in the processing chain is a plus (SG or Industry)
-Strong analytical skills with high attention to detail and accuracy
-Ability to articulate complex concepts in a clear manner
-Excellent verbal, written, and interpersonal communication skills
-Able to organize time, multitask, and define priorities (autonomy)
-Able to interact with all levels of the organization from operators to executive management members
-Must be able to work collaboratively within a complex organization, across multiple cultures, geographies and disciplines
-Ability to be flexible and agile (priorities may change and escalation needs to be adapted)
-Demonstrated ability to lead change through influencing skills, be a positive change agent
-English required - Other spoken languages in the region or French are a plus.
If you feel you have the required experience and qualifications, then please apply to the SG Resourcing Team, and we will manage your application. At Societe Generale, we believe our people are our strength and are core to the success of our business. As such, we search for, recruit and appoint the best available person on the basis of aptitude and ability, regardless of sex, marital or civil partnership status, race, colour, nationality, ethnic or national origins, pregnancy, disability, age, sexual orientation, religion, belief or gender reassignment.
Environment
People join for the impact they can have on us. They stay for the impact we have on them. A flatter structure offers visibility and exposure beyond that of our competitors, so you know our names, and we know yours. It's personable, human, and inspires success through passion. By encouraging open mindedness and a willingness to share ideas, we have adapted to market changes and thrived through innovation. Bringing words like "hard work" and "dedication" together with "community" and "respect" has enabled us to work collaboratively and build our future together. We call this Team Spirit and it's what makes us different. It's what makes you different.
Job code: 19000KBK
Business unit: SG CIB
Starting date: Immediate
Date of publication: 09/07/2019
Internal Number: 6198243