Required technical competencies
- Business analysis skills such as stakeholder identification, interviewing, facilitation, and requirements definition and root cause analysis (E4 - Excellence)
- Process analysis and design (E4 - Excellence)
- Solution design (functional specifications) (E4 - Excellence)
- Experience or exposure to Information Security would be beneficial (E3 - Experience)
- Experience or exposure to Project or Program management would be beneficial (E3 - Experience)
Required soft skills & behavioural competencies
- Interpersonal skills (Mastery)
- Confidence and professionalism is crucial as the candidate will frequently engage with Executive level management
- Trustworthiness is crucial as the candidate will be working in a high risk environment
- Oral communication and persuasive skills are important in managing expectations across a large group of stakeholders
- Problem solving and Stakeholder Management (Mastery)
- Creative and innovative approach to problem solving
- Ability to elicit intentions and requirements from the audience and ensure delivery against expectations
- Comfortable dealing with a diverse, multinational stakeholder group
- Recommends solutions relevant to the complexity, scope, risk and magnitude of the problem
- Quality (Mastery)
- The service has a high executive exposure, the quality of output is crucial and has a high impact of the perceived professionalism of the Group Security practice
- University graduate with a degree in Business Management (MBA) (or Grandes Ecoles)
- IIBA CBAP or related qualification would be preferred
Overall work experience in the field
- Experience in Business Analysis > 7 years
- Experience of working in large and matrix organisations > 5 years
- Experience in leading shared services or risk functions > 5 years
Skills / abilities
- Fluent in English
- Ability to function effectively in a matrix structure
- Strong networking skills
- Team player
- Ability to apply analytical rigour to understand complex business scenarios
Level of priority
- Necessary: The responsibility/objective is necessary and must be considered as medium priority
- Important: The responsibility/objective is important and must be considered as high priority.
- Crucial: The responsibility/objective is crucial and must be considered as top priority.
- E0 - Elementary: Demonstrates introductory understanding and ability and, with guidance, applies the competency in a few simple situations.
- E1 - Exposure: Demonstrates basic knowledge and ability and, with guidance, can apply the competency in common situations that present limited difficulties.
- E2 - Experience: Demonstrates solid knowledge and ability, and can apply the competency with minimal or no guidance in the full range of typical situations.
- E3 - Experise: Demonstrates advanced knowledge and ability, and can apply the competency in new or complex situations.
- E4 - Excellence: Demonstrates expert knowledge and ability, and can apply the competency in the most complex situations. Is recognised as an expert, internally and/or externally.
- Novice: Demonstrates the ability primarily under supervision and displays competence in some situations
- Intermediate: Demonstrates the ability with some guidance and is able to leverage competency in multiple situations
- Mastery: Demonstrates the ability independently and is able to leverage the competency in all types of situations with consistency
Building a new practice requires a large amount of process definition and organizational change. The Information Security Transformation Program frequently identifies challenges that could affect the success of the initiative, and a constantly evolving threat landscape introduces new risks that need to be managed concurrently. This resource will assist in clearing these concerns and developing these core functions while ensuring that controls or solutions meet the business needs of the affected AXA Entities, Managers and Executives.
Key deliverables include;
- Continuous Improvement of the Governance framework for the Information Security practice and program, ensuring appropriate flow of information and auditability of management decisions
- Define the target operating model / support framework for new operational functions such as managing audit findings and vulnerabilities
- Support the development of tactical remediation initiatives as Information Security priorities require them
- Job title: Lead Business analyst
- Business Unit: AXA Group Information Security
- Reports to: Head of Management & Control
- Impact: This is a key success factor for AXA to face the systemic and global nature of the Cyber risk, including the elements of business resiliency & physical security.
- Complexity: The resource will have to manage the complexity of a global organization operating in a decentralized architecture. Goals can only be achieved through effective global stakeholder management
- Internal actors: Expected to interact with Management at various levels to define requirements and identify concerns. Expected to interact with various teams to define processes. Close interaction with the Management and Control reporting teams for new KPI’s and KRI’s required
- External actors: Expected to interact with regulators, standards bodies and peer organizations
Key responsibilities - accountabilities
- Build relationships with key stakeholders internally within Information Security and with AXA entities (Crucial)
- Continuously improve the quality and flow of information to key stakeholders (Crucial)
- Problem solving – investigating challenges and issues to identify all potential triggers (Crucial)
- Propose and design solutions to identified challenges (Crucial)
- Ensure all new solutions meet the business requirements of affected stakeholders (Crucial)
- Support the implementation of new processes through design, implementation and change management (Crucial)
With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio. As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. AXA is setting-up a Group Information Security practice in order to reinforce its short-term risk reduction strategy, aligned with AXA strategy & culture and based on the industry standards.
Business unit statement
To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business. Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’.
The AXA Management and Control team forms a crucial step in the Information Security practice by coordinating operational Governance, performing data analysis to detect trends around risks and control failures and provide the Leadership team with the information they need for effective management.