Security Consultant (Governance, Risk & Compliance) 6 month FTC
The Security Consultant partners with the business stakeholders and technical specialists to ensure the companies have an appropriate level of protection for their information assets, in keeping with AXA Partners policies and AXA Group standards.
Work closely with Partners entities, in particular the Local Security Officers and Regional Security Officers, to support, drive, monitor and report on the status of the different security improvement plans.
- Collection and monitoring of KPIs defined in AXA Partners KPI strategy
- Collaborate with and support the Group Security Practice. Interactions with AXA Partners CSO, CISO, Regional Security Officer and other stakeholders as necessary to ensure presence, quality and effectiveness of processes & controls
- Develop and maintain repeatable, documented processes to identify and collect risk conditions, facilitate remediation, and monitor remediation
- Build automated solutions for risk monitoring and reporting on key risk indicators for GRC and central Security teams, including PowerBI dashboards
- Support, drive and report on entities' risk assessment execution following AXA Partners defined methodology
- Internal PCI DSS assessments and delivery of attested SAQs
- Identifying payment card data flows, defining local Cardholder Data Environments and creating local data flows that include the people, processes and technologies involved
- Regular reporting on PCI DSS compliance status, action plan execution & KPIs to C-level stakeholders
- Cooperation with QSAs, Payment Providers, Service Providers and other third parties, as well as with internal resources in IT, business and management
- Information Security Risk Assessments of AXA entities according to the AXA Group methodology
- Implementation and development of Information Security Management System
- Information Risk Management: creating risk mitigation plans, data entry, tracking planned activities
- Preparing and conducting security awareness trainings, Information Owner trainings
- Implementing security in life cycle of the projects
SKILLS AND EXPERIENCE
- 3+ years’ experience in security risk assessment, security audit and compliance, security risk remediation role
- Recognised IS qualification like PCI ISA – Internal Security Assessor, ISO 27001 Lead Auditor or Lead Implementer
- Skills in building automated solutions for large data sets, KPI monitoring and security dashboards
- Bachelor's or Master's degree in computer science, management information systems, information security or related field would be a plus
• A solid background in designing and providing Information Security solutions within a Financial Services company
• Ability to audit vulnerabilities and provide / validate risk remediation action plans
• Good knowledge of cloud security (Microsoft Azure, AWS)
• IT/IS assurance experience gained by working on projects
• Good knowledge of current technological trends and developments in the area of information security
• Expert in process design analysis & designing secure solutions
• Experience in receiving Information Security audits and their requirements
• Experienced in defining high quality information security policies and security related processes and procedures
• Knowledge of software development & security, expertise in Secure Development Life Cycle
• Broad knowledge of general and security technology and standards, such as server security, firewalls, networks, TCP/IP, encryption
- Knowledge of ISO Standards ISO27001/2
- Knowledge of PCI DSS
- Knowledge of GDPR requirements and other legislation, which govern Information Security
• Ability to work well under pressure, prioritise work in an organised manner and to work with minimal supervision
• The ability to influence others to take appropriate action in an effective and timely manner; discreet and pragmatic when it comes to dealing with issues
• Ability to work as an effective team member who encourages the development of others
• Good communication and interpersonal skills with the ability to develop strong relationships in the Business at all levels and with third party suppliers
• Demonstrable experience of managing implementations in a consistent and effective manner
- Fluent English (speaking and writing)
• Awareness of the commercial imperatives of the business when delivering solutions
AXA Group is the world leader in insurance and asset management. We protect and advise our clients at every step in their lives, by offering products and services which satisfy their needs in the areas of insurance, personal protection, saving and asset management. AXA is the leading insurance brand worldwide, with over 100 million clients. We are transforming from payer to partner for our client, with a strong focus on risk prevention.
Our mission: Empower people to live a better life.
Our values: Customer First, Courage, Integrity and One AXA.
AXA Partners is an AXA transversal business unit offering a wide range of solutions in assistance services, travel insurance and credit protection.
AXA Partners’ role is also to implement innovative solutions emerging from the AXA Innovation unit.
Combining passion with advanced expertise, we design and deliver worldwide solutions for partners and communities. We protect what matters, when it matters.
By joining AXA Partners, you will work in a responsible company, which offers a real culture of expertise & diversity. Our focus is on accelerating the development of everyone’s skills, whilst offering attractive and competitive compensation and opportunities for professional development and growth.
Additionally, at AXA, we work to make a real difference to people - when amazing things happen and when we create opportunities for a better life, the feeling of pride is extraordinary.