Required technical competencies
Level: E1=Awareness, E2=Basic application, E3=Skilful application, E4=Expert
Information Security Management (E3 - Skilful application)
A1 – Governance
A2 – Policy & Standards
A3 – Information Security Strategy
A4 – Innovation & Business Improvement
A5 – Information Security Awareness and Training
A6 – Legal & Regulatory Environment
A7 – Third Party Management
Information Risk Management (E2/E3 - Basic/Skilful application)
B1 – Risk Assessment
B2 – Risk Management
Implementing Secure Systems (E2 - Basic application)
C1 – Security Architecture
C2 – Secure Development
Information Assurance Methodologies and Testing (E2 - Basic application)
D1 – Information Assurance Methodologies
D2 – Security Testing
Operational Security Management (E2 - Basic application)
E1 – Secure Operations Management
E2 – Secure Operations & Service Delivery
E3 – Vulnerability Assessment
Incident Management (E1 - Awareness)
F1 – Incident Management
F2 – Investigation
F3 – Forensics
Audit, Assurance & Review (E2 - Basic application)
G1 – Audit and Review
Business Continuity Management (E1 - Awareness)
H1 – Business Continuity Planning
H2 – Business Continuity Management
Business skills and competences (E3 - Skilful application)
J1 – Teamwork and Leadership
J2 – Delivering
J3 – Managing Customer Relationships
J4 – Corporate Behavior
J5 – Change and Innovation
J6 – Analysis and Decision Making
J7 – Communication and Knowledge Sharing
Required soft skills & Behavioral competencies
Level: Novice, Intermediate, Mastery
- Creates an environment for developing and fostering leadership excellence
- Effectively communicates the group vision and goals and the benefits in achieving the same
- Recognizes potential leaders and provides them with challenging assignments/stretch goals
- Takes calculated risks in decision-making and seeks inputs from the team / stakeholders for the same.
- Creates mechanisms to recognize individual/group contribution and achievements
- Can effectively mentor others to acquire this competency
Strategic Thinking (Intermediate)
- Articulates a vision, develops organizational goals and strategies
- Maintains a wider perspective, aligns actions and contributes to the enhancement of the overall organizational strategy, including outputs from benchmarking activities and reviews
- Understands and articulates the projected direction of the organization and how changes to it might impact the group
- Is aware of trends in the external environment and key differentiators vis-a-vis competition and uses this information to anticipate how these changes would impact the organization
Problem solving (Mastery)
- Recommends solutions relevant to the complexity, scope, risk and magnitude of the problem
- Plans up to 2-5 years ahead (particularly when preparing budgets and resource requirements) in accordance with the project/program portfolio to ensure its successful delivery
- Provides input into planning and prioritization of project activities
- Required to analyze and critically evaluate information as well as formulate plans based on multiple sources of information
- Forward planning required e.g. target setting and forecasting trends
- Ability to manage action plans, review progress and make adjustments where required
Decision making (Intermediate)
- Advises on decisions regarding strategy, policy, and structures
- Quick to assimilate and integrate new information for informed decision making
- Monitors changes in the operating environment and is quick to act upon potential opportunities.
- Able to quickly evaluate a situation or issue and take the initiative within limits of authority.
Coaching and Mentoring (Novice)
- Coaching: The process of assisting individuals to set goals and then supporting the execution of those goals by establishing strategy and providing feedback, insight and guidance to enable the individual to reach their fullest potential.
- Mentoring: The process in which an experienced colleague is assigned to an inexperienced individual and assists in a training and development or general support role.
Interpersonal skills (Intermediate)
- Assertiveness, empathy, active listening
- Oral communication, persuasive skills
- Bachelor's degree in Business, Project Management, IT or a closely related subject.
- An MSc in Information Security would be desirable but is not essential
- Information Security and/or Information Technology industry certification (e.g. CISSP-ISSAP, GIAC or equivalent) preferred
- Member of IISP or have the qualification, skills and experience to become a member
Overall work experience in the field
- Experience in Information Security > 7 years
- Experience in conducting and managing research projects > 2-3 years
- Experience of IS technology from vulnerability management, IPS/IDS, WAF, HIPS, SIEM, PUAM, Forensics, etc. > 1-3 years
Skills / abilities
- Ability to function effectively in a matrix structure
- Operate comfortably at management level
- Strong facilitation, negotiation and conflict resolution skills
- Apply analytical rigor to understand complex business scenarios
- Full professional proficiency in French and English
Level of priority
- Necessary: The responsibility/objective is necessary and must be considered as medium priority
- Important: The responsibility/objective is important and must be considered as high priority.
- Crucial: The responsibility/objective is crucial and must be considered as top priority.
- E1 Awareness: Understands the skill and its application. Has acquired and can demonstrate basic knowledge associated with the skill. Understands how the skill should be applied but may have no practical experience of its application.
- E2 Basic application: Understands the skill and applies it to basic tasks under some supervision. Has acquired the basic knowledge associated with the skill, for example has acquired an academic or professional qualification in the skill. Understands how the skills should be applied. Has experience of applying the skill to a variety of basic tasks. Determines when problems should be escalated to a higher level. Contributes ideas in the application of the skill. Demonstrates awareness of recent developments in the skill.
- E3 Skilful application: Understands the skill and applies it to complex tasks with no supervision. Has acquired a deep understanding of the knowledge associated with the skill. Understands how the skill should be applied. Has experience of applying the skill to a variety of complex tasks. Demonstrates significant personal responsibility or autonomy, with little need for escalation. Contributes ideas in the application of the skill. Demonstrates awareness of recent developments in the skill. Contributes ideas for technical development and new areas for application of the skill.
- E4 Expert: An authority who leads the development of the skill. Is an acknowledged expert by peers in the skill. Has experience of applying the skill in circumstances without precedence. Proposes, conducts, and/or leads innovative work to enhance the skill.
- Novice: Demonstrates the ability primarily under supervision and displays competence in some situations
- Intermediate: Demonstrates the ability with some guidance and is able to leverage competency in multiple situations
- Mastery: Demonstrates the ability independently and is able to leverage the competency in all types of situations with consistency
- Support the development of the Information Security Research and Development capability and execute the IS Research and Development components across AXA to ensure that Group Information Security goals are met
- Conduct analysis of emerging technology, industry and threat trends and define the future research Program and ensure research is conducted in accordance with the Program
- Support the evolution of information security within AXA, ensuring consistency with the Group IS Strategy and taking account of internal constraints and external advancements
- Contribute to the ongoing research and analysis of emerging technology, risks and industry trends.
- Contribute to the assessment of the impact on the business environment and recommend appropriate mitigation actions for inclusion into the Group IS Strategy (Crucial)
- Define and propose innovative solutions satisfying requirements in accordance with technical design standards. Handle escalations and resolve issues that are impacting IS solution design (Crucial)
- Support the development and delivery of the information security strategy (Crucial)
- Contribute to promoting Group Information Security research and collaborate on the development and operation of security good practice by establishing and maintaining key relationships with global and regional information security organizations (Crucial)
- Contribute to managing the information security lab environment (Crucial)
- Support and contribute to varied information security projects and associated teams, leading specific projects as required (Important)
- Liaise with vendors and suppliers to understand their current and future product lines and service offerings, assess the risks and opportunities they present to AXA and provide input into the strategy and architecture framework as required (Important)
- Contribute to the information security research community and actively participate in appropriate meetings/events/governance forums (Necessary)
- Participate in industry education and networking events to maintain relationships with external bodies and peers. (Necessary)
- Business unit: AXA Group Information Security
- Reports to: Head of Information Security Research & Design
- Impact: The position will have a key impact on the ability of the new practice to identify and understand the emerging threats, risks and regulation. He/she will provide an understanding of technology and product changes, roadmaps and lifecycles.
- Complexity: The owner will have to engage with different levels of stakeholders (business stakeholders, external analysts, technology firms, governance bodies and peers).
Work related relationships
- Internal actors: Expected to interact with Group Internal Audit, IST Program & Project Managers, Finance, Local Information Security teams, Group CSO N-1 and N-2
- External actors: Expected to interact with vendors, Research Bodies, Industry forums and peers
- This position reports to the Head of Information Security Research & Design
With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio. As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. AXA is setting up a Group Information Security practice in order to reinforce its short-term risk reduction strategy, aligned with AXA strategy & culture and based on the industry standards.
Business Unit Statement
To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business. Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’