Global Information Security Risk Assessor Lead
THE CONTEXT :
This position takes place inside the Group Security that :
- Defines AXA’s information security standards and instructions and overseeing their implementation across the Group
- Drives information security risk management (e.g. identification, evaluation, mitigation and monitoring)
- Provides information security expertise to the entities
- Defines the Security strategy for AXA and identify security threats
- Defines AXA’s operational resilience standards and instructions and overseeing their implementation across the Group
- Defines, develops and oversees Group crisis management exercises
- Defines AXA’s physical security and safety standards and instructions, and oversees their implementation across the Group
- Ensures the alignment of security objectives with the local CEOs and support their achievements.
- Supports the entities of the Group to deliver their security activities.
THE POSITION :
The key responsibilities of the Global Information Security Risk Assessor Lead are:
Information Security Assurance Plan & Risk Assessment:
- Perform, on a yearly basis, Enterprise Information Security Risk Assessments with AXA Group Operations Business Owners, & their teams; & report AXA Group Operations consolidated report to Group Security
- Collaborate with AXA Group Operations stakeholders (Business Owners, Project Managers, Security Architects, …) to gather requirements for Risk Assessments & Remediation plans, on products already in production
- Ensure information security risk assessments are consistent, and follow the methodology defined by Group Security
- Optimize, with a risk based approached, information security risk assessments methodology to ensure almost all products are assessed
- Develop information security remediation plan, jointly with AXA Group Operations stakeholders (project team or product team) to ensure residual risk will stay within AXA Group Operations risk appetite
- Get sign off from Product Security Officers on Risk Assessments & Remediation plans before they are submitted to AXA Group Operations Business owner
- Engage with AXA Group Operations Business owner to agree on the information security risk assessment report
- Ensure that where an information security risk assessment goes above AXA Group Operations risk appetite, remediation action plan is implemented and/or residual risk is formally accepted by ad-hoc committee
- Perform, on a regular basis, an update of top cyber risks AXA Group Operations entity is facing
- Update AXA GO Crown Jewels list on a yearly basis
Information Security Risks monitoring:
- Ensure the applicable information security risks are captured on the appropriate tool, with the corresponding agreed remediation actions, owners & target dates
- Conduct regular review meetings with information security risk owners, and Product Security Officers, to get status update on remediation actions.
- Produce information security risk reports with an updated status on remediation actions, and publish them to Head of Information Security, Product Security Officers and all key AXA Group Operations stakeholders.
- Escalate to Product Security Officers on remediation actions plans if information security risk owners have missed agreed timelines, and also if actions have not progressed beyond a reasonable time frame.
- Get final sign off from Product Security Officers before closing an information security risk
- Document, & archive, all closed risks.
The Key stakeholders are:
- Internal actors: Expected to interact with other AXA Group Operations teams, & AXA Group Operations customer security teams
- External actors: Expected to interact with external service providers, vendors, officials, pears and professional clubs
- Bachelor degree in Computer Science, Engineering, or related field.
- An MSc Information Security would be desirable but is not essential
- ISO 27005 Risk Management, ISACA CRISC certification strongly preferred
- Information Security and/or Information Technology industry certification (ISC2 CISSP, ISACA CISM or equivalent) strongly preferred
- Project management certification (Prince 2, PMP, …) preferred but not required
Experience in the field
- Experience in information security > 8 years
- Experience in information security architecture > 6 years
- Experienced in developing information security assurance plans
- Experience in delivering messages to Project Managers and business audiences
Skills / Abilities
- Cross cultural sensitivity
- Ability to effectively operate in a decentralized and political corporate environment
- Strong organizational skills to to prioritize workload & meet deadlines
- Good communication skills
- Good analytical skills
- Good writing skills
- Fluent in English
Would you like to wake up every day driven and inspired by our mission of acting for human progress by protecting what matters? Here at AXA we strive to be a responsible employer, placing employee engagement at the heart of its business strategy. Achieving this means creating a workplace built on AXA's Values that foster diversity and equal opportunities for all, promotes employee participation, encourages professional development, and supports employee well-being.
We are looking for talented individuals who come from varied backgrounds, think differently and want to be part of this exciting transformation by challenging the status quo so we can push AXA - a leading global brand and one of the most innovative companies in our industry - onto even greater things.
In a fast-evolving world and with a presence in 57 countries, our 160,000 employees anticipate change to offer services and solutions tailored to the current and future needs of our 108 million customers.
AXA is becoming a sustainable tech-led company and at AXA Group Operations we are one of the major catalysts for this transformation.
We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution.
We are present across 17 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary.
At AXA Group Operations, we want to be recognized in three fields of action:
- State-of-the-art Data Technology to drive customer experience
- State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks
- High-Performing Global Team for stronger partnerships with AXA entities
We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we’re committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.