Head of Information Security Assurance (F/M)

Location: 92-HAUTS-DE-SEINE, France
Experience level: Experienced Hire
Job details sector: Information Technology
Apply before: Date not available
Job purpose

  • Create, communicate and implement Information Security Assurance Strategy aligned to the business objectives and Information Security
  • Provide executive level subject matter expertise related to information risk frameworks and act as a mentor to team members and executives throughout the organization
  • Promote a service culture both internally and externally related to Information Security Assurance
  • Lead the development, provisioning and successful implementation of the information risk assessment methodology across the Group.
  • Lead the assurance activities to ensure security is maintained throughout the project lifecycle and in business-as-usual operations.
  • Lead the Digital Presence and protect the brand by effectively governing AXA Group’s large and growing digital assets portfolio (all domain names, websites, mobile applications and social media pages used by AXA across the world)
  • Lead the Security Awareness and Behavior Change teams to improve behaviors through awareness and practices, to turn all AXA employees into a line of defense (develop “Human firewalls”) and to develop the AXA Information Security Care / Protect / Alert mindset globally across AXA entities

Key responsibilities

  • Design and implement a global information risk assessment process and management framework
  • Develop the 3-5-year strategy and roadmap for IT risk management including risk assessments, internal controls, control monitoring, risk reporting, key risk indicators and risk scorecards
  • Act as a global champion of information risk assessment related policies
  • Define penetration testing strategy and approach; build & execute penetration test plan
  • Raise appropriate awareness through Group Information Security shared service function
  • Define Assurance testing strategy and approach; build & execute assurance testing plan
  • Prepare creation / maintenance plan for the Information Risk Assessment Methodology (IRAM2) for the Group based on relevant new developments with regulation and user feedback, in close co-operation with stakeholders from group and lines of business (LoBs).
  • Benchmark existing security investment against industry peers and secure required funding from executive committee
  • Act as liaison between Group Information Security and various Governance, Risk & Control offices within the company to promote continuous improvement and evolution of the strategy and resulting services.
  • Act as a global champion of information security assurance related policies
  • Lead and mentor Information Security Assurance team members
  • Serve as the primary sponsor for projects related to the development of the Information Security Assurance function
  • Keep up to date about security threats and on new developments in the security area



  • University graduate with a degree in Business, IT or a related subject.
  • A post-graduate degree in Information Security is preferred
  • Information Security and/or Information Technology industry certification (CISSP-ISSAP, CRISC, GIAC or equivalent)
  • Member of Institute of Information Security Professionals (M.IISP)

Overall work experience in the field

  • Experience in information security > 10 years
  • Leadership / management experience working with individuals and teams from diverse cultures > 5 years
  • Experience of working in large and matrix organizations > 5 years
  • Experience in leading shared services or risk functions > 5 years
  • Experience in an audit or information risk leadership role within the financial services sector > 10 years
  • Experience of working in a multi-vendor and outsourced IT environment

Skills / abilities

  • Ability to function effectively in a matrix structure
  • Strong networking skills
  • Team Player – Excellent collaboration skills
  • Ability to apply analytical rigor to understand complex business scenarios
  • Fluent in English
  • Change Agent

Would you like to wake up every day driven and inspired by our noble mission and to work together as one global team to empower people to live a better life? Here at AXA we strive to lead the transformation of our industry. We are looking for talented individuals who come from varied backgrounds, think differently and want to be part of this exciting transformation by challenging the status quo so we can push AXA - a leading global brand and one of the most innovative companies in our industry - onto even greater things.
In a fast-evolving world and with a presence in 64 countries, our 166,000 employees and exclusive distributors anticipate change to offer services and solutions tailored to the current and future needs of our 103 million customers.

To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business.
Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’.

At AXA, we lead an HR policy that encourages diversity, maintains your professional and private life balance and accelerates skills and career development: promotion of diversity, remuneration policy, training programs, ... Discover everything that makes AXA an employer of choice.
Whatever your job is, we strive to offer you career opportunities. Our goal is to develop your skills to support the transformation of our changing business.