The Vulnerability Management Lead is responsible for the AMER region’s vulnerability management and configuration management program. The position requires excellent communication skills (written and verbal) and a strong ability to influence others. The ideal candidate will be able to demonstrate practical and in-depth knowledge of running an effective vulnerability and/or configuration management program, including dynamically responding to emerging threats in the financial services industry. The role also calls for strong technical analysis and process improvement skills and the ability to present to senior management on the state of, and proposals to improve, the program. Working knowledge of cybersecurity and risk assessment frameworks (e.g., NIST) and regulations applicable to the financial services industry (e.g., NYDFS 500, FINRA, SEC) is preferred.

The Vulnerability Management Lead is a member of the Cyber Threat Defense (CTD) team within the AMER Data and Cyber Security (ISR) department and reports to the Director of CTD. This position requires strong collaboration across GBSU and GTS departments in the Americas and globally with SG CERT, ISR and GTS teams.

Essential Job Functions

Vulnerability & Configuration Management

Lead the AMER vulnerability and configuration management programs: act as the main point of contact and expert in vulnerability management and configuration management, including overseeing the risk of zero-day vulnerabilities, patching/remediation, and risk acceptance of vulnerabilities where appropriate.

Oversee the discovery, evaluation, and implementation of vulnerability scanning, patch and configuration review, and penetration testing.

Present operating and steering committees for projects to senior management on a quarterly basis.

Develop and oversee annual roadmaps of initiatives to align with overall InfoSec and business objectives/strategy.
Develop and manage detailed vulnerability reviews and assessments, and patching and configuration reviews: (1) Assess potential damage of security flaws and assist in the implementation of corrective actions; (2) Identify, document, and report security issues and concerns to management; and (3) Monitor corrective actions and recommend cost-effective preventive measures to preclude recurrences.

Review and sign off on all recommendations on possible improvements resulting from the work performed as part of projects.

Draft and publish communications for management as new threats emerge.

Improve the reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to the CISO and other key stakeholders such as the COO, CIO, and CTO.

Profile Required

Ability to communicate in English, both orally and in writing, is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States.

Our Benefits

Minimum of 20 vacation days + 4 personal days

Supportive maternity, paternity, parental and adoption leave policy

Health spending ($2,000/year) and personal spending ($1,000/year) accounts with 75+ eligible reimbursement categories (health, training, electronics, etc.)

Fully sponsored virtual healthcare assistance and Employee Assistance Program for you and your immediate family

Various Employee Resource Groups (ERG) to engage with, such as Pride and Allies, American Women Network, Black Leadership Network, One planet, etc.
A culture of continuous development, encouraging our employees to take part in various training programs (online training and coaching platforms such as Coursera, GoFluent, Pluralsight, First Finance, and others)

Societe Generale is committed to offering an inclusive recruitment experience to all candidates. If you require any reasonable accommodations during the recruitment process, please do not hesitate to let our Recruiters know.