Infrastructure Security Specialist

Department Description GCOO/GTE in Asia currently supports Société Générale's IT infrastructures including workstations, computing centres, IT & telecom networks, and remains a major player in the group's digital transition. GTS works in close liaison with Paris to ensure the service continuity to our clients including GBIS, Securities & Private banking. With more than 140 staffs onshore and offshore, RESG/GTS/ASI supports around 3000 users. GTE/SEC is the operational risk management and security management function of GTE. Being the first line of defence for Societe Generale, its main objectives includes: Improve the level of operational risk and security management for GTE Enhance the tools and processes to meet new challenges in security Meet regulatory expectation around risk management and Cybersecurity Raise Security Awareness for SG staffs Lead for critical security projects and provide expertise to drive teams the adapt target security standards (i.e IAM/PAM, vulnerability management topics)Supervise and communicate on infrastructure security issues related to workplace, hosting and other infrastructure services, ensure the internal security controls are appropriate and operating. Provide security expertise to assist the GTE management and other teams to drive security mindsets, perform security /risk assessment. Incident management: Report and follow security incidents and their remedial actions Innovate, propose and drive continuous improvement on our security measure for the region and to our clients/partners. Work together with other security teams (ISR/ SOC, other LODs) to improve our security protection and incident investigation and management process. Manage the security production related topics with all the support teams Operational Risks Domain Change management: Conduct security assessment for infrastructure changes Be the security Interface with stakeholders at all levels, from technical engineers to senior management locally, regionally and globally Cyber reporting: Production of various cyber security reporting (KPIs; KRIs). Coordinate among Infrastructure teams to contribute to external stakeholders reporting and requests Coordinate within Infrastructure teams to drive and manage security operations and controls Conduct security & risk awareness training to the Infrastructure teams Responsibilities Lead for critical security projects and provide expertise to drive teams the adapt target security standards (i.e IAM/PAM, vulnerability management topics)Supervise and communicate on infrastructure security issues related to workplace, hosting and other infrastructure services, ensure the internal security controls are appropriate and operating. Provide security expertise to assist the GTE management and other teams to drive security mindsets, perform security /risk assessment. Incident management: Report and follow security incidents and their remedial actions Innovate, propose and drive continuous improvement on our security measure for the region and to our clients/partners. Work together with other security teams (ISR/ SOC, other LODs) to improve our security protection and incident investigation and management process. Manage the security production related topics with all the support teams Operational Risks Domain Change management: Conduct security assessment for infrastructure changes Be the security Interface with stakeholders at all levels, from technical engineers to senior management locally, regionally and globally Cyber reporting: Production of various cyber security reporting (KPIs; KRIs). Coordinate among Infrastructure teams to contribute to external stakeholders reporting and requests Coordinate within Infrastructure teams to drive and manage security operations and controls Conduct security & risk awareness training to the Infrastructure teams Profile Requirements Knowledge Expert knowledge in and IT operational risk management Expert knowledge and experience in IT security Professional certification recognized by Regulatory bodies like HKMA, e.g. CISM, CISA or CISSP, is mandatory Knowledge and experience in IT infrastructure (speak the language, expertise not required)Knowledge in technology regulatory requirement like HKMA, SFC, MAS, GDPR, CBIRC, etc. is required Project management experience is desired Knowledge and experience in a banking environment will be beneficial but not essential Tools Good skills in Microsoft office, especially Excel, PowerPoint Knowledge in programming or hands-on experience in scripting on automation Knowledge in Identity management solution, SIEM, vulnerability management, and other security produc Behavioral Skills Client - Risk: I strive to satisfy clients while taking into