Reference:
24000K7E
Responsibilities
The IT Audit Associate is expected to have a high degree of independence and autonomy and participates to all stages of the audit process, under the supervision of the head of assignment. His/her primary responsibilities within the Internal Audit Department include but are not limited to the following:
- Participate to all types of regional or global IT audits, as part of either dedicated audits of IT functions or as part of integrated audit conducted in conjunction with the business/financial auditors.
- Independently and autonomously participate in the audit process: create diagnostic matrix with proposed processes and controls for review, identify use cases for data quality testing and relevant sampling strategies, provide concise and comprehensive debriefing presentation for IGAD management and auditees.
- Ensure that Audit management is informed, on a timely basis, of all significant issues arising from missions and of any event that may have an impact on the company.
- Write clear and impactful findings and audit reports that provide added value to the organization.
- Perform diligent follow-up of audit recommendations and action plans.
- Contribute to the development of risk assessment, internal control evaluations, and other processes necessary to determine areas of risk or weakness that will contribute to the development of audit plan and strategy.
- Participating in department wide transformation projects (data analytics, digital transformation, etc.) and actively contribute, communicate, and implement the changes, and support others through the process.
- Maintain a professional and independent image for Internal Audit across the Group.
Required
Profile required
DIVISION DESCRIPTION:
The Audit Division (IGAD) represents Societe Generale's independent internal audit function, comprised of over 1,200 professionals covering Societe Generale's global business and services in over 150 countries. The SGUS Audit Department (SGIAA) within IGAD is a group of about 70 professionals with diverse backgrounds and subject matter expertise based in the US, Bangalore, and Brazil, responsible for Societe Generale's businesses in the Americas region. Constituting the third line of defense, IGAD conducts independent audits of operational entities in an objective, thorough and impartial manner in line with professional standards. IGAD assesses the compliance of the Group's operations, the effective level of risk exposure and management, the adequate enforcement of procedures and the effectiveness and relevance of the permanent control set-up.
SKILLS AND QUALIFICATIONS:
Required:
- Knowledge of one or more IS/IT areas: governance, projects, developments and SDLC, production, security, risk management, disaster recovery planning, and technical infrastructure components.
- Familiarity with IS/IT processes (incident management, change management, release management, configuration management, etc.)
- Knowledge of IT Security concepts, familiarity with vulnerability testing and awareness of security exploits
- Familiarity with Infrastructure components, such as: Database management systems (e.g., DB2, SQL Server and Oracle), major computing platforms (Windows NT/2000, UNIX operating systems) and client/server architectures, commonly used systems and applications, and web-based technologies, Network components (firewalls, routers, switches, IAPs)
Nice to Have:
- Familiarity with investment banking/financial services business and products considered a plus
- Familiarity with one or more security and control frameworks such as ISO 17799, COBIT, COSO, Common Criteria, FFIEC, etc.
- Familiarity with regulations and statutes such as: GLBA, the California Privacy Bill, or the Volker Rule / Dodd Frank Act
- Knowledge of anti-money laundering (AML) systems used for transaction monitoring or sanctions/OFAC screening, and knowledge of payment processing systems.
Education/Prior Experience:
Required:
- Bachelor’s degree in computer science, information Systems, Information technology or a business discipline.
Nice to have:
- ISACA certifications: CISA (or to be obtained quickly after the recruitment).
- Master’s degree in a business or IS/IT discipline
- Preferred certifications: ITIL, CISM, CISSP, CIA, PMP, Prince2
- Other certifications considered a plus: CGEIT, CNE, MCSE, MCP, CCSP, CCIE, CCNA
Business insight
OUR CULTURE:
At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate.
For more information about our Culture and Conduct initiatives, please visit this link (https://americas.societegenerale.com/en/careers/get-know-culture/)
D&I:
Our Diversity & Inclusion Mission: Recruit, develop, advance, and retain a diverse workforce that is united in our efforts to enhance our competitive position and deliver innovative solutions to our clients.
Our Diversity & Inclusion Vision:
- Engaged workforce that is demographically diverse in a way that reflects the communities in which we operate
- Inclusive culture and workplace that recognizes employees' unique needs and utilizes their diverse talents
- Engage our community and marketplace, and position the organization to meet the needs of all its clients
For more information about our D&I initiatives, please visit this link (https://americas.societegenerale.com/en/societe-generale-about/diversity-and-inclusion/)
HYBRID WORK ENVIRONMENT:
For most positions, Societe Generale offers a hybrid work arrangement that offers employees the flexibility to work remotely, as well as on-site, in order to promote interaction and collaboration with colleagues while adhering to all SG standard protocols. Hybrid work arrangements vary based on business area. The applicable Business lines will determine and communicate the work arrangements that best meet their business needs.
COMPENSATION & SALARY RANGE:
Base salary range does not include overtime pay, bonus and/or other benefits, where applicable. Actual base salary offer will vary based on skills and experience.
Societe Generale is an equal opportunity employer, and we are proud to make diversity a strength for our company. We are committed to recognizing and promoting the talents and achievements of our employees and staff, regardless of race, religion, color, national origin, sex, disability, age, gender, sexual orientation, and any other characteristic or status protected under applicable law.