Job purpose
- Schedule and maintain the global penetration testing and vulnerability scanning activities (including retesting) across the Group, vendors and acquisitions as required.
- Provide team leadership for a team of expert penetration testers, and ensure resources are appropriately scheduled and fully utilized.
- Manage, balance, and schedule penetration testing with global penetration testing suppliers, based on team utilization and skills, and manage conflicts or delays.
- Ensure penetration testing is performed within defined time frames by suppliers and the internal penetration testing team, and that the deliverables are collated and that they meet the intent of testing.
- Manage and report on team and penetration testing KPIs, both when requested and regularly to centralized reporting functions.
- Monitor and maintain quality assurance processes of penetration testing delivery and supplier
- Ensure that reporting, tracking and monitoring of defects is completed.
- Act as first line response/point of contact for penetration testing issue resolution and escalation.
Key responsibilities
- Schedule and manage all vulnerability assessments and penetration testing activities (including retesting) across the group.
- Assure the commercial quality and timeliness of the penetration testing services and deliverables provided by vendors and internal penetration testing team
- Manage a team of expert penetration testers and ensure resources are appropriately scheduled and fully utilized at all times including time for R&D, personal and technical development
- Provide dashboard KPIs and reports on request, as well as appropriate information to key stakeholders
- Continually maintain and monitor the team’s technical and consultative capabilities through individual development activities, accreditations and certifications to remain constantly prepared to challenge the ever-evolving cyber threat
- Bachelor's degree in Computer Science, Engineering, or a related field, but this is not essential
- An MSc Information Security would be desirable but is not essential
- Information Security and/or Information Technology industry certification (CISSP, CISM, GIAC or equivalent) strongly preferred
- Member of IISP or have the qualification, skills and experience to become a member
Overall work experience in the field
- Experience with scheduling and administration of penetration testing and vulnerability assessments > 5 years
- Experience of working with specific Information Security Controls and Vulnerability Databases > 5 years
- Experience in network and/or firewall engineering, administration, design and implementation including experience in applying methodologies and principles for all levels of Information Security > 7 years
- Experience with technologies, tools and process controls to minimize risk and data exposure > 5 years
Skills / abilities
- Ability to function effectively in a matrix structure
- Operate comfortably at management level
- Strong facilitation, negotiation and conflict resolution skills
- Strong networking skills
- Team player
- Apply analytical rigour to understand complex business scenarios
- Fluent in English
Would you like to wake up every day driven and inspired by our noble mission and to work together as one global team to empower people to live a better life? Here at AXA we strive to lead the transformation of our industry. We are looking for talented individuals who come from varied backgrounds, think differently and want to be part of this exciting transformation by challenging the status quo so we can push AXA - a leading global brand and one of the most innovative companies in our industry - onto even greater things.
In a fast-evolving world and with a presence in 64 countries, our 165,000 employees and exclusive distributors anticipate change to offer services and solutions tailored to the current and future needs of our 107 million customers.
To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business.
Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’.
At AXA, we lead an HR policy that encourages diversity, maintains your professional and private life balance and accelerates skills and career development: promotion of diversity, remuneration policy, training device, ... Discover everything that makes AXA an employer of choice.
Whatever your job is, we strive to offer you career opportunities. Our goal is to develop your skills to support the transformation of our changing business.