Penetration testing Assurance Lead (F/M)

Location 92-HAUTS-DE-SEINE, France
Experience level Experienced Hire
Job details sector Information Technology
Apply before Date not available

Job purpose

  • Contribute to the definition of the Group Information Security penetration testing strategy and approach.
  • Contribute to the development and formulation of, and drive the implementation and execution of, penetration testing assurance verification of local operating companies and third-party vendors, and assess the adequacy and efficiency of penetration testing within AXA.
  • Contribute to the development and maintenance of the security testing framework and improve security testing across AXA.
  • Contribute to, and support, the technical penetration testing team's deliverables and output by providing data analysis, review, and presentation.
  • Contribute to the development and analysis of critical business projects, and provide penetration testing guidance and support as applicable.
  • Work with the penetration testing technical lead to scope, implement, and perform the penetration testing scope of work plan, which drives penetration testing assurance verification
  • Coordinate issue resolution and escalation as applicable.
  • Own the stakeholder expectations and priorities effectively as applicable.
  • Work cross-functionally to manage and organize work processes and ensure the most efficient workflow.
  • Continually build and enhance processes and reporting to meet stakeholder requirements

Key responsibilities

  • Contribute to the definition and maintenance of the Information Security Development Life Cycle and penetration testing lifecycle including requirements gathering, risk analysis, planning and non-functional security testing assurance as applicable
  • Assure the quality of the penetration testing services provided by vendors or internal teams. Work cross-functionally to manage and organize work processes and ensure the most efficient workflow
  • Contribute to the establishment and monitoring of the setup and industrialization of penetration testing quality assurance across the Group
  • Contribute to the establishment of penetration testing assurance processes and procedures and their roll-out across the Group, acquisitions and vendors
  • Conduct penetration testing reviews, coordinate staff and work with other related stakeholders
  • Establish a quality assurance function within the security testing / penetration testing framework, in line with the security testing framework, that includes the following activities
  • Analyze data output and liaise as appropriate with key stakeholders and various reporting channels to visualize data in a meaningful and impactful way
  • Embed Information Security Testing Quality Assurance within a wide variety of projects in production and pre-production environments
  • Own the stakeholder expectations and priorities effectively



Qualifications

Education
  • Bachelor's degree in Computer Science, Engineering, or related field.
  • An MSc in Information Security would be desirable but is not essential
Certification
  • Information Security and/or Information Technology industry certification (CISSP, CISA, CISM, GIAC or equivalent) strongly preferred
Overall work experience in the field
  • Experience in information security management and assurance activities > 7 years
  • A detailed knowledge of the frameworks, methods and tools for information security and IT risk management > 7 years
  • Experience in information security risk, IT risk or audit focussing on identification and mitigation of risks > 7 years
  • Experience in developing, implementing and/or managing Information Security Management Systems > 7 years
  • Experience of working with specific Information Security Controls and Vulnerability Databases > 5 years
  • Project management related experience to understand the life cycle of a project > 5 years
  • Experience with vulnerability analysis tools > 5 years
  • Experience in network and/or firewall engineering and administration specifically relating to application of methodologies and principles for all levels of Information Security > 5 years
  • Experience with technologies, tools and process controls to minimize risk and data exposure > 5 years
Skills / abilities
  • Ability to function effectively in a matrix structure
  • Operate comfortably at management level
  • Good facilitation, negotiation and conflict resolution skills
  • Good networking skills. Ability to interact with diverse stakeholders, e.g. regulators; customers; executive management; line management; and operational personnel at all levels
  • Team player
  • Apply analytical rigor to understand complex business scenarios
  • Excellent communication skills: written, verbal and presentation (English)
  • Highest form of integrity and trustworthiness
  • Ability to think analytically and strategically



Would you like to wake up every day driven and inspired by our noble mission and to work together as one global team to empower people to live a better life? Here at AXA we strive to lead the transformation of our industry. We are looking for talented individuals who come from varied backgrounds, think differently and want to be part of this exciting transformation by challenging the status quo so we can push AXA - a leading global brand and one of the most innovative companies in our industry - on to even greater things.

In a fast-evolving world and with a presence in 64 countries, our 165,000 employees and exclusive distributors anticipate change to offer services and solutions tailored to the current and future needs of our 107 million customers.


To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business.
Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’.



At AXA, we lead an HR policy that encourages diversity, maintains your professional and private life balance and accelerates skills and career development: promotion of diversity, remuneration policy, training schemes, ... Discover everything that makes AXA an employer of choice.
Whatever your job is, we strive to offer you career opportunities. Our goal is to develop your skills to support the transformation of our changing business.