Information Security Specialist

  • Competitive
  • Hong Kong
  • Permanent, Full time
  • 18 Mar 19

Information Security Specialist


Societe Generale is one of the leading European financial services groups. Founded in 1864, we have been playing a vital role in the economy for over 150 years. With more than 148,000 employees based in 76 countries worldwide, we accompany 32 million clients throughout the world on a daily basis. Based on a diversified universal banking model, the Group combines financial strength with a strategy of sustainable growth.

Our expertise in the Asia Pacific region ranges from Corporate & Investment Banking (Advisory, Financing and Global Markets) to Asset Management, Securities Services, Trade Finance and Cash Management Services. Leveraging on our formidable global footprint, we serve Corporates, Financial Institutions and the public sector. With our regional headquarters in Hong Kong, we operate in 11 countries across Asia Pacific, employing over 6,600 employees. You can find us in Beijing, Seoul, Tokyo, Singapore, Mumbai, Sydney and other locations in the region.

At Societe Generale we have developed - and continue to develop - advanced programmes to support your career development. A diverse and comprehensive Learning & Development programme, a Junior programme for graduates and a Remuneration policy that stimulates your growth are just a few examples that illustrate how we help you to fulfil yourself personally and professionally, and how we develop your ability to adapt to ever-changing environments and transform challenges into opportunities.

RESG/GTS in Asia currently supports Société Générale's IT infrastructures including workstations, computing centres, IT & telecom networks, and remains a major player in the group's digital transition. GTS works in close liaison with Paris to ensure the service continuity to our clients including GBIS, Securities & Private banking. With more than 140 staffs onshore and offshore, RESG/GTS/ASI supports around 3000 users.

GTS/SEC is the operational risk management and operational security management function of GTS. Being the first line of defence for Societe Generale, its main objectives includes:

  • Improve the level of operational risk and security management for GTS
  • Enhance the tools and processes to meet new challenges in security
  • Meet regulatory expectation around risk management and Cybersecurity
  • Raise Security Awareness for SG staffs


  • Infrastructure Security & Risk projects/program management for the region

- Work with Global Team to setup Program / Project planning and scoping for the region
- Assist GTS skills teams for design and implantation of required controls and risk management framework
- Communicate and report regularly and proactively on projects progression, and potential issues requiring escalations to the management
  • Work on the regulation Infrastructure related topics (questionnaire, assessment, propose solution and remediation) for RESG/GTS in ASIA
  • Coordinate within GTS the review and execution of operational / managerial supervision controls to ensure adequate risk coverage and compliance with global / local regulations;
  • Follow-up the correction of managerial supervision anomalies and action plans
  • Risk Control Self-Assessment (RCSA) for RESG/GTS in Asia
  • Follow security incidents and their remediation actions
  • Familiar with the change management processes
  • Interface with stakeholders at all levels, from technical engineers to senior management
  • Work closely with other risk and security departments, including all 3 lines of defence
  • Vulnerability management: conduct scan; reporting, remediation follow-up
  • Facilitate and coordinate Audit and Inspection missions
  • Cyber reporting: Production of various cyber security reporting (KPIs; KRIs). Coordinate GTS contribution to external stakeholders reporting and requests
  • Be the security Interface with stakeholders at all levels, from technical engineers to senior management locally, regionally and globally
  • Conduct security & risk awareness training to the Infrastructure teams


  • Expert knowledge in and IT operational risk management
  • Expert knowledge and experience in IT security
  • Knowledge and experience in common SIEM tools and security products
  • Professional certification recognized by Regulatory bodies like HKMA, e.g. CISM, CISA or CISSP, is mandatory
  • Knowledge and experience in IT infrastructure (speak the language, expertise not required)
  • Knowledge and experience in a banking environment will be beneficial but not essential
  • Familiar with Asia regulations around Cyber Security and Risks related topics will be preferred (such as CRAF for HKMA, TRM for MAS)
  • Good skills in Microsoft office, especially Excel
  • Good knowledge of SharePoint architecture and design

Soft Skills
  • Good verbal, written, and interpersonal communication skills
  • Able to organize time, multitask, and define priorities (autonomy)
  • Able to interact with all level of the organization from operators to executive management members
  • Must be able to work collaboratively within a complex organization, across multiple cultures, geographies and disciplines

  • English proficiency required - other spoken languages in the region or French are a plus.