Group Security: Security Management Assurance Lead

Location: FRANCE, France
Experience level: Experienced Hire
Job details sector: Information Technology
Apply before: Date not available

Job purpose

  • Contribute to the definition of the Group Information Security Management Assurance test strategy and approach
  • Contribute to the development and formulation of appropriate testing mechanisms, and drive their implementation and execution, to assess the adequacy and efficiency of information security management controls where risks and controls have been identified by both business and IT, thereby ensuring that assurance goals are met
  • Contribute to the development and maintenance of assurance testing frameworks (Security management and Technical assurance)
  • Lead an efficient and effective team with the capability to play a pivotal role in Information Security Management Assurance controls that are designed to manage the Group's high priority or most significant risks within the ambit of the AXA risk appetite
  • Scope, implement and perform the Information Security Management Assurance testing plan
  • Coordinate Information Security Management Assurance issue resolution and escalation
  • Own stakeholder expectations and priorities effectively
  • Work cross-functionally to manage and organise work processes and ensure the most efficient workflow
  • Continually build and enhance Control Assessing tools and processes to meet stakeholder requirements



  • Job title: Security Management Assurance Lead
  • Business Unit: AXA Group Security
  • Location: La Défense
  • Reports to: Head of Assurance Testing
  • Impact: This position will have a key impact on the ability to provide assurance over the effectiveness of Information Security Management controls across the organization. 
  • Internal actors: Expected to interact with Group Risk & Group Internal Audit, IT Leadership & Business Leadership, Group Compliance & Legal, IT Operations & Business Operations, peers, Local/Regional CISO and Security team members
  • External actors: Expected to interact with external third parties to be tested and vendors






  • Bachelor's degree in Computer Science, Engineering, or related field.
  • An MSc in Information Security would be desirable but is not essential


  • Information Security and/or Information Technology industry certification (CISSP, CISA, CISM, GIAC or equivalent) strongly preferred
  • Member of IISP or have the qualification, skills and experience to become a member

Overall work experience in the field

  • Experience in information security management and assurance activities > 7 years
  • A detailed knowledge of the frameworks, methods and tools for information security and IT risk management > 7 years
  • Experience in information security risk, IT risk or audit focussing on identification and mitigation of risks > 7 years
  • Experience in developing, implementing and/or managing Information Security Management Systems > 7 years
  • Experience of working with specific Information Security Controls and Vulnerability Databases > 5 years
  • Project management related experience to understand the life cycle of a project > 5 years
  • Experience with vulnerability analysis tools > 5 years
  • Experience in network and/or firewall engineering and administration specifically relating to application of methodologies and principles for all levels of Information Security > 5 years
  • Experience with technologies, tools and process controls to minimize risk and data exposure > 5 years

Skills / abilities

  • Ability to function effectively in a matrix structure
  • Operate comfortably at management level
  • Good facilitation, negotiation and conflict resolution skills
  • Good networking skills. Ability to interact with diverse stakeholders, e.g. regulators; customers; executive management; line management; and operational personnel at all levels
  • Team player
  • Apply analytical rigor to understand complex business scenarios
  • Excellent written, verbal and presentation communication skills (English)
  • Highest form of integrity and trustworthiness
  • Ability to think analytically and strategically

Company statement

With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio. As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. AXA is setting up a Group Information Security practice in order to reinforce its short-term risk reduction strategy, aligned with AXA strategy & culture and based on industry standards.

Business unit statement

To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business. Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’.