Information Security Third Party Risk Management

**Responsibilities**:
**ABOUT THE JOB**:
**What will be your DAY-TO-DAY?**
- Develop and manage TPRM Info Sec Day to Day team both offshore and onshore
- Develop TPRM strategy for Americas region and be responsible for delivery of action plans ensuring conformity with third party risk management compliance (e.g. regulator, auditor, policy, etc.) requires and industry best practices
- Present strategy to senior management (C-suite level)
- Development of strong partnerships with business and support line stakeholders for collaboration on defining strategy, effective execution of vendor security assessments and proactive adoption of information security behaviors
- Assembly, monitoring, and reporting on vendor security metrics to ensure transparency, compliance, and steering of the perimeter

**Profile required**:
**Skills and Qualifications**:
**Must Have**:

- 12+ years’ demonstrable experience in Information Security Vendor Risk Management experience with at least 5+ years of management experience ideally with a remote / offshore team
- Proficient with and at least one GRC tool (highly recommended)
- Solid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software) preferred
- Requires strong analytical skills, problem solving skills, and project/program management skills
- Demonstrated ability to perform Vendor Risk assessments through on-site visits and reviewing SSAE18s
- Ability to commit to deliver tasks in a timely and effective manner
- Ability to work in a team environment
- Ability to take responsibility for all actions performed on an individual basis
- Proven ability to manage issues through to resolution
- Solid understanding of the banking industry’s regulatory requirements for the managing of third parties (e.g., FFIEC)
- Experience working with legal or sourcing as part of contract design to include key provisions for Vendor Risk Management
- Hands-on knowledge of Information Security
- Proven track record of participating in Vendor Risk Management Programs
- Prior experience interfacing with external counterparties
- Excellent written and verbal communication skills
- Proven ability to manage issues through to resolution skilled at making sound decision-making calls
- Ability to successfully multitask and complete difficult assignments with deadlines which may have short lead times
- Excellent communication skills

**EDUCATION/CERTIFICATIONS**
- Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MS required
- Certified training in security management, risk and compliance solutions and practices
- CISSP, CCSP, CCSK, CISA, CISM, GSEC, CRISC, or related certification(s) required

**Languages: French and English**

**_ Ability to communicate in English, both orally and in writing, is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States_**_._

**Why join us**:
**OUR BENEFITS**:
**WHAT WE DO DIFFERENTLY AT SOCIÉTÉ GÉNÉRALE**

Competitive compensation & benefits offering, including but not limited to:

- Minimum of 20 Vacation days + 4 personal days
- Supportive Maternity, paternity, parental and adoption leave policy
- Health spending ($2,000/year) and personal spending ($1,000/year) accounts with 75+ eligible reimbursement categories (health, training, electronics etc.)
- Fully sponsored virtual healthcare assistance and Employee Assistance Program to you and your immediate family
- Various Employee Resource Groups (ERG) to engage with such as Pride and Allies, American Women Network, Black Leadership Network, One planet, etc.
- A culture of continuous development by encouraging our employees various training programs (online training and coaching platform such as Coursera, GoFluent, Pluralsight, First Finance, and others)

**Business insight**:
**OUR CULTURE**:
At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate.
**D&I**:
Our Diversity & Inclusion Mission: Recruit, develop, advance, and retain a diverse workforce that is united in our efforts to enhance our competitive position and deliver innovative solutions to our clients.
- Our Diversity & Inclusion Vision:
- Engaged workforce that is demographically diverse in a way that reflects the communities in which we operate
- Inclusive culture and workplace that recognizes employees' unique needs and utilizes their diverse talents
- Engage our community and marketplace, and position the o