Group Security: Strategy Lead

Location France, France
Experience level Experienced Hire
Job details sector Information Technology
Apply before Permanent offer

Required technical competencies

**Level: E1=Awareness, E2=Basic application, E3=Skilful application, E4=Expert



Information Security Management (E4 - Expert)

  • A1 – Governance
  • A2 – Policy & Standards
  • A3 – Information Security Strategy
  • A4 – Innovation & Business Improvement
  • A5 – Information Security Awareness and Training
  • A6 – Legal & Regulatory Environment
  • A7 – Third Party Management


Information Risk Management (E3 - Skilful application)

  • B1 – Risk Assessment
  • B2 – Risk Management


Implementing Secure Systems (E2 - Basic application)

  • C1 – Security Architecture
  • C2 – Secure Development


Information Assurance Methodologies and Testing (E3 - Skilful application)

  • D1 – Information Assurance Methodologies
  • D2 – Security Testing


Operational Security Management (E2 - B application)

  • E1 – Secure Operations Management
  • E2 – Secure Operations & Service Delivery
  • E3 – Vulnerability Assessment


Incident Management (E2 - Basic application)

  • F1 - Incident Management
  • F2 - Investigation
  • F3 – Forensics


Audit, Assurance & Review (E3 - Skilful application)

  • G1 – Audit and & Review


Business Continuity Management (E2 - Basic application)

  • H1 - Business Continuity Planning
  • H2 - Business Continuity Management


Business skills and competences (E2 - Basic application)

  • J1 – Teamwork and Leadership
  • J2 – Delivering
  • J3 – Managing Customer Relationships
  • J4 – Corporate Behavior
  • J5 – Change and Innovation
  • J6 – Analysis and Decision Making
  • J7 – Communication and Knowledge Sharing



Required soft skills & Behavioral competencies

**LevelNovice, Intermediate, Mastery


Leadership (Intermedia)

  • Creates an environment for developing and fostering leadership excellence
  • Effectively communicates the group vision and goals and the benefits in achieving the same
  • Recognizes potential leaders and provides them with challenging assignments/stretch goals
  • Takes calculated risks in decision-making and seeks inputs from the team / stakeholders for the same.
  • Creates mechanisms to recognize individual/group contribution and achievements
  • Can effectively mentor others to acquire this competency


Strategic Thinking (Intermediate)

  • Articulates a vision, develops organizational goals and strategies
  • Maintains a wider perspective, aligns actions and contributes to the enhancement of the overall organizational strategy, including outputs from benchmarking activities and reviews
  • Understands and articulates the projected direction of the organization and how changes to it might impact the group
  • Is aware of trends in the external environment and key differentiators vis-a-vis competition and uses this information to anticipate how these changes would impact the organization


Problem solving (Mastery)

  • Recommends solutions relevant to the complexity, scope, risk and magnitude of the problem


Planning (Mastery)

  • Plans up to 2-5 years ahead (particularly when preparing budgets and resource requirements) in accordance with the project/program portfolio to ensure its successful delivery
  • Provides input into planning and prioritization of project activities
  • Required to analyze and critically evaluate information as well as formulate plans based on multiple sources of information
  • Forward planning required e.g. target setting and forecasting trends
  • Ability to manage action plans, review progress and make adjustments where required


Decision making (Intermediate)

  • Advises on decisions regarding strategy, policy, and structures
  • Quick to assimilate and integrate new information for informed decision making
  • Monitor changes in the operating environment, quick to act upon potential opportunities.
  • Able to quickly evaluate a situation or issue and take the initiative within limits of authority.


Coaching and Mentoring (Novice)

  • Coaching: The process of assisting individuals to set goals then supports the execution of the goals through establishing strategy and providing feedback, insight and guidance to enable the individual to reach their fullest potential.
  • Mentoring: The process in which an experienced colleague is assigned to an inexperienced individual and assists in a training and development or general support role


Interpersonal skills (Intermediate)

  • Assertiveness, empathy, active listening
  • Oral communication, persuasive skills






  • A degree in Business, IT or a related subject
  • An MSc Information Security would be desirable but is not essential



  • Information Security and /or Information Technology industry certification (e.g. CISSP-ISSAP, GIAC or equivalent) strongly preferred
  • Member of IISP or have the qualification, skills and experience to become a member


Overall work experience in the field

  • Experience in IS solution and strategy design >   7 years

  • Experience in business trategy design >  7 years


Skills / abilities

  • Ability to function effectively in a matrix structure
  • Operate comfortably at management level
  • Strong facilitation, negotiation and conflict resolution skills
  • Strong networking skills
  • Team player
  • Apply analytical rigor to understand complex business scenarios
  • Fluent in English








Level of priority     

  • Necessary: The responsibility/objective is necessary and must be considered as medium priority
  • Important: The responsibility/objective is important and must be considered as high priority.
  • Crucial: The responsibility/objective is crucial and must be considered as top priority.


Technical competencies

  • E1 Awareness: Understands the skill and its application. Has acquired and can demonstrate basic knowledge associated with the skill. Understands how the skill should be applied but may have no practical experience of its application.
  • E2 Basic application: Understands the skill and applies it to basic tasks under some supervision. Has acquired the basic knowledge associated with the skill, for example has acquired an academic or professional qualification in the skill. Understands how the skills should be applied. Has experience of applying the skill to a variety of basic tasks. Determines when problems should be escalated to a higher level. Contributes ideas in the application of the skill. Demonstrates awareness of recent developments in the skill.
  • E3 Skillful application: Understands the skill and applies it to complex tasks with no supervision. Has acquired a deep understanding of the knowledge associated with the skill. Understands how the skill should be applied. Has experience of applying the skill to a variety of complex tasks. Demonstrates significant personal responsibility or autonomy, with little need for escalation. Contributes ideas in the application of the skill. Demonstrates awareness of recent developments in the skill. Contributes ideas for technical development and new areas for application of the skill.
  • E4  Expert: An authority who leads the development of the skill. Is an acknowledged expert by peers in the skill. Has experience of applying the skill in circumstances without precedence. Proposes, conducts, and/or leads innovative work to enhance the skill.


Behavioural competencies

  • Novice: Demonstrates the ability primarily under supervision and displays competence in some situations
  • Intermediate: Demonstrates the ability with some guidance and is able to leverage competency in multiple situations
  • Mastery: Demonstrates the ability independently and is able to leverage the competency in all types of situations with consistency

Job purpose


  • Support the development, maintenance and update of the Information Security Strategy and execute the IS strategy components across AXA to ensure that Group Information Security goals are met
  • Contribute to the elaboration of the roadmap and plan needed in order to execture the strategy
  • Coordinate selected projects related to the development of the IS Strategy function
  • Contribute to information security good practice and support its adoption across the group 



Key responsibilities

**Level: necessary, important, crucial


  • Contribute to the development and delivery of the information security strategy ensuring alignment with Groupe governance principles and processes (Crucial)
  • Using portfolio management techniques, contribute to construct a pragmatic roadmap and plan based upon business priorities and risk mitigation (Crucial)
  • Support the communication of the information security strategy, ensure its alignment with business strategies and promote continuous collaboration across the organization (Crucial)
  • Support and contribute to all information security projects and associated teams, managing specific projects as required (Important)
  • Liaise with vendors and suppliers to understand their current and future product-lines and service offerings (Important)
  • Participate in industry education and networking events, maintain relationships with external bodies and peers (Necessary)







  • Job title: Strategy Lead
  • Business unit: AXA Group Information Security
  • Location: either Paris or one of Global Information Security hubs: London, Hong Kong, Bangalore or New Jersey      
  • Reports to: Head of Information Security Strategy
  • Impact: The position will have a key impact on the ability of the new practice to understand the Information Technology and Business Stratgies, security technology landscape, threats, and market developments. He/she will ensure an appropriate long term strategy for Information Security in line with business.
  • Complexity: The owner will have to manage the complexity of a global organization operating in a decentralized architecture.



Work related relationships        

  • Internal actors: Expected to interact with Group Internal Audit, Program/Project Managers, Finance, Change and Communication, local Information Security teams, Group CSO N-1 and N-2 
  • External actors: Expected to interact with vendors, Professional Bodies, and organizational peers



Hierarchical organization          

  • This position reports to the Head of Information Security Strategy

Company statement

With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio. As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. AXA is setting-up a Group Information Security practice in order to reinforce its short-term risk reduction strategy, aligned with AXA strategy & culture and based on the industry standards.

Business unit statement

To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business. Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’