du01 décembre 2019au01 décembre 2020(pour12mois)
ETABLISSEMENT :SOCIETE GENERALE
REMUNERATION MENSUELLE :2212€ (indemnité non contractuelle fixée par décret et arrêté, dont le montant peut varier notamment en
fonction de l’évolution du barème de référence, de la localisation de la mission et des cas d’abattements prévus par les textes)
At Société Générale, you will be joining the Risk department. Its job is to contribute to the development of Société Générale’s business and profitability by defining the Group’s appetite for risk, in liaison with the Finance department and the core businesses. The Risk department is also responsible for implementing the system used to control and monitor risks.
Description of the Business Line
The Risk Management (RISQ) Division in the UK. Independent from the Business Lines, RISQ Division's mission is to contribute to the development of the SG Group's activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring.
The mission of the Operational Risk Second Line of Defence department (RISQ OPE) is to provide independent, objective and leading operational risk management challenge and oversight services to assist the firm in maintaining an effective system of operational risk management.
RISQ OPE conducts the oversight of the governance, risk and control frameworks and tolerances of Operational Risk.
RISQ OPE provides proactive advice to help management identify and measure key risks, and to evaluate controls in existing and expanding businesses. An objective is to accompany the employees and raise awareness on the importance of operational risk management which is based on the principle that “everyone is an operational risk manager”.
RISQ OPE organises and/or tests the soundness and efficiency of the operational risk framework, especially on governance, risk identification and mitigation as well as permanent controls.
Summary of responsibilities
Primary Responsibilities as a member of RISQ/OPE
• Participate in LOD1 committees such as IT Risk, Information Security and Cyber Security, understand their operational and cyber resilience exposure for the SGLB products, services and processes.
• Evaluate the scope of the information security management organization and determine whether essential security functions are being addressed effectively for the following:
o Implementation of information security architecture, policies and procedures.
o Alignment of information security strategies within business and functional units.
• Provide independent opinion, analysis and expert judgement to RISQ/OPE management with an assessment of the effectiveness of the information systems and security management processes. The processes are:
o Data management lifecycle and protection management.
o Security in project lifecycle which includes applications and IT infrastructure.
o Access control and user identity management.
o Configuration management of other security tools such as intrusion detection and penetration testing systems and antimalware.
o Information security incident management and security forensics.
• Review management of information security technologies within the SGLB UK, formally challenge governance of information security processes, enforcement of policies and monitoring.
• Provide advice on proposal or decision made by business lines related to processes, tools or solutions related to operational risk management.
• Perform independent analysis of the LOD1 reports to provide expert judgement for the areas specific to IT / Cyber incidents, non-compliant information systems, data leakage/breach and non-compliant to the Group's information security policies.
• Assess the robustness and sustainability of the Business Continuity Management (BCM) framework and governance of the associated processes embedded with SGLB business and functional units. Review adequacy of the BCP test plan and challenge the test results assuring effectiveness of the Business Continuity arrangements.
• Develop knowledge (e.g. participate or engage industrial working group/forum) and advise on (market) best practices related on risk management
• Produce and animate the necessary operational reporting and governance for the executive committee in line with the local risk teams.
• Participate or coordinate with other second line teams and third line exercises as well as regulator requests on operational risk
Graduate with a Master degree from Business/Engineering school or University, majoring in Finance.
Operational Risk knowledge
• Basic understanding of Operational Risk and how it may manifest itself in a Financial Services environment
• Basic understanding of the various Business and Support Units operating in a Financial Institution
• Good understanding of Information Technology, gained through study at university
• Would be a plus to have some basic knowledge on Information Security
• Strong analytical skills with high attention to details and accuracy
• Ability to articulate complex concepts in a clear manner
• Excellent verbal, written, and interpersonal communication skills
• Able to organize time, multitask, and define priorities (autonomy)
• Able to interact with all level of the organization from operators to executive management members
• Must be able to work collaboratively within a complex organization, across multiple cultures, geographies and disciplines
• Ability to be flexible and agile (priorities may change and escalation need to be adapted)
• Demonstrated ability to lead change through influencing skills, be a positive change agent
• Good knowledge of MS Office (PowerPoint, Word, Excel)
• English required, French would be a plus
The VIE assignment in a nutshell
This VIE in London is to begin as soon as possible but you need to plan 3 months between your application date and the beginning of your VIE assignment. It will last 12 months.
The VIE is a specific contract, under Business France’s eligibility criteria, opened to candidates under 28 and from the member states of the European Economic Space. For further information, please see www.civiweb.com.