Group Security: Research Lead

Location FRANCE, France
Experience level Experienced Hire
Job details sector Information Technology
Apply before Permanent offer

Required technical competencies

Level: E1 = Awareness, E2 = Basic application, E3 = Skilful application, E4 = Expert

Information Security Management (E3 - Skilful application)

A1 – Governance

A2 – Policy & Standards

A3 – Information Security Strategy

A4 – Innovation & Business Improvement

A5 – Information Security Awareness and Training

A6 – Legal & Regulatory Environment

A7 – Third Party Management

 

Information Risk Management (E2/E3 - Basic/Skilful application)

B1 – Risk Assessment

B2 – Risk Management

 

Implementing Secure Systems (E2 - Basic application)

C1 – Security Architecture

C2 – Secure Development

 

Information Assurance Methodologies and Testing (E2 - Basic application)

D1 – Information Assurance Methodologies

D2 – Security Testing

 

Operational Security Management (E2 - Basic application)

E1 – Secure Operations Management

E2 – Secure Operations & Service Delivery

E3 – Vulnerability Assessment

 

Incident Management (E1 - Awareness)

F1 – Incident Management

F2 – Investigation

F3 – Forensics

 

Audit, Assurance & Review (E2 - Basic application)

G1 – Audit and Review

 

Business Continuity Management (E1 - Awareness)

H1 – Business Continuity Planning

H2 – Business Continuity Management

 

Business skills and competences (E3 - Skilful application)

J1 – Teamwork and Leadership

J2 – Delivering

J3 – Managing Customer Relationships

J4 – Corporate Behavior

J5 – Change and Innovation

J6 – Analysis and Decision Making

J7 – Communication and Knowledge Sharing

Required soft skills & Behavioral competencies

 

Level: Novice, Intermediate, Mastery

Leadership (Intermediate)

  • Creates an environment for developing and fostering leadership excellence
  • Effectively communicates the group vision and goals and the benefits in achieving the same
  • Recognizes potential leaders and provides them with challenging assignments/stretch goals
  • Takes calculated risks in decision-making and seeks inputs from the team / stakeholders for the same.
  • Creates mechanisms to recognize individual/group contribution and achievements
  • Can effectively mentor others to acquire this competency

 

Strategic Thinking (Intermediate)

  • Articulates a vision, develops organizational goals and strategies
  • Maintains a wider perspective, aligns actions and contributes to the enhancement of the overall organizational strategy, including outputs from benchmarking activities and reviews
  • Understands and articulates the projected direction of the organization and how changes to it might impact the group
  • Is aware of trends in the external environment and key differentiators vis-a-vis competition and uses this information to anticipate how these changes would impact the organization

 

Problem solving (Mastery)

  • Recommends solutions relevant to the complexity, scope, risk and magnitude of the problem

 

Planning (Mastery)

  • Plans up to 2-5 years ahead (particularly when preparing budgets and resource requirements) in accordance with the project/program portfolio to ensure its successful delivery
  • Provides input into planning and prioritization of project activities
  • Required to analyze and critically evaluate information as well as formulate plans based on multiple sources of information
  • Forward planning required e.g. target setting and forecasting trends
  • Ability to manage action plans, review progress and make adjustments where required

 

Decision making (Intermediate)

  • Advises on decisions regarding strategy, policy, and structures
  • Quick to assimilate and integrate new information for informed decision making
  • Monitors changes in the operating environment and is quick to act upon potential opportunities.
  • Able to quickly evaluate a situation or issue and take the initiative within limits of authority.

 

Coaching and Mentoring (Novice)

  • Coaching: The process of assisting individuals to set goals, then supporting the execution of those goals by establishing strategy and providing feedback, insight and guidance to enable the individual to reach their fullest potential.
  • Mentoring: The process in which an experienced colleague is assigned to an inexperienced individual and assists in a training and development or general support role

 

Interpersonal skills (Intermediate)

  • Assertiveness, empathy, active listening
  • Oral communication, persuasive skills

 

 

Qualifications

 

 

Education

  • Bachelor's degree in Business, Project Management, IT or a closely related subject.
  • An MSc in Information Security would be desirable but is not essential

 

Certification

  • Information Security and/or Information Technology industry certification (e.g. CISSP-ISSAP, GIAC or equivalent) preferred
  • Member of IISP or have the qualification, skills and experience to become a member

 

Overall work experience in the field

  • Experience in Information Security > 7 years
  • Experience in conducting and managing research projects > 2-3 years
  • Experience of IS technology from vulnerability management, IPS/IDS, WAF, HIPS, SIEM, PUAM, Forensics, etc. > 1-3 years

 

Skills / abilities

  • Ability to function effectively in a matrix structure
  • Operate comfortably at management level
  • Strong facilitation, negotiation and conflict resolution skills
  • Strong networking skills
  • Team player
  • Apply analytical rigor to understand complex business scenarios
  • Full professional proficiency in French and English

 

 

Appendices

 

Level of priority     

  • Necessary: The responsibility/objective is necessary and must be considered as medium priority
  • Important: The responsibility/objective is important and must be considered as high priority.
  • Crucial: The responsibility/objective is crucial and must be considered as top priority.

 

Technical competencies

 

  • E1 Awareness: Understands the skill and its application. Has acquired and can demonstrate basic knowledge associated with the skill. Understands how the skill should be applied but may have no practical experience of its application.
  • E2 Basic application: Understands the skill and applies it to basic tasks under some supervision. Has acquired the basic knowledge associated with the skill, for example has acquired an academic or professional qualification in the skill. Understands how the skills should be applied. Has experience of applying the skill to a variety of basic tasks. Determines when problems should be escalated to a higher level. Contributes ideas in the application of the skill. Demonstrates awareness of recent developments in the skill.
  • E3 Skilful application: Understands the skill and applies it to complex tasks with no supervision. Has acquired a deep understanding of the knowledge associated with the skill. Understands how the skill should be applied. Has experience of applying the skill to a variety of complex tasks. Demonstrates significant personal responsibility or autonomy, with little need for escalation. Contributes ideas in the application of the skill. Demonstrates awareness of recent developments in the skill. Contributes ideas for technical development and new areas for application of the skill.
  • E4 Expert: An authority who leads the development of the skill. Is an acknowledged expert by peers in the skill. Has experience of applying the skill in circumstances without precedent. Proposes, conducts, and/or leads innovative work to enhance the skill.

 

Behavioural competencies

 

  • Novice: Demonstrates the ability primarily under supervision and displays competence in some situations
  • Intermediate: Demonstrates the ability with some guidance and is able to leverage competency in multiple situations
  • Mastery: Demonstrates the ability independently and is able to leverage the competency in all types of situations with consistency

Job purpose

 

  • Support the development of the Information Security Research and Development capability and execute the IS Research and Development components across AXA to ensure that Group Information Security goals are met
  • Conduct analysis of emerging technology, industry and threat trends and define the future research Program and ensure research is conducted in accordance with the Program
  • Support the evolution of information security within AXA, ensuring consistency with the Group IS Strategy and taking account of internal constraints and external advancements 

 

Key responsibilities

 

  • Contribute to the ongoing research and analysis of emerging technology, risks and industry trends.
  • Contribute to the assessment of the impact on the business environment and recommend appropriate mitigation actions for inclusion into the Group IS Strategy (Crucial)
  • Define and propose innovative solutions satisfying requirements in accordance with technical design standards. Handle escalations and resolve issues that are impacting IS solution design (Crucial)
  • Support the development and delivery of the information security strategy (Crucial)
  • Contribute to promoting Group Information Security research and collaborate on the development and operation of security good practice by establishing and maintaining key relationships with global and regional information security organizations (Crucial)
  • Contribute to managing the information security lab environment (Crucial)
  • Support and contribute to varied information security projects and associated teams, leading specific projects as required (Important)
  • Liaise with vendors and suppliers to understand their current and future product lines and service offerings, assess the risks and opportunities they present to AXA and provide input into the strategy and architecture framework as required (Important)
  • Contribute to the information security research community and actively participate in appropriate meetings/events/governance forums (Necessary)
  • Participate in industry education and networking events to maintain relationships with external bodies and peers. (Necessary)

 

 

Environment

 

 

Information

  • Job title: Research Lead
  • Business unit: AXA Group Information Security

 

Reporting structure         

  • Reports to: Head of Information Security Research & Design

 

Remits

  • Impact: The position will have a key impact on the ability of the new practice to identify and understand the emerging threats, risks and regulation. He/she will provide an understanding of technology and product changes, roadmaps and lifecycles.
  • Complexity: The owner will have to engage with different levels of stakeholders (business stakeholders, external analysts, technology firms, governance bodies and peers). 

 

Work related relationships        

  • Internal actors: Expected to interact with Group Internal Audit, IST Program & Project Managers, Finance, Local Information Security teams, Group CSO N-1 and N-2
  • External actors: Expected to interact with vendors, Research Bodies, Industry forums and peers 

 

Hierarchical organization          

  • This position reports to the Head of Information Security Research & Design

Company Statement

 

With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio. As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders.  AXA is setting up a Group Information Security practice in order to reinforce its short-term risk reduction strategy, aligned with AXA strategy & culture and based on the industry standards.

 

Business Unit Statement

 

To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business.  Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’