Please click on the link below to apply for this position.
The applicant must :
• Be passionate of technology and information security (e.g. know how to search for IT related knowledge, attend to information security conferences, follow information security news, ..)
• Have strong IT skills, including at least one programming language and good knowledge of Windows or UNIX operating systems, Microsoft SQL Server or Oracle databases and network architecture and security principles
• Having published technical articles or tools related to information security is a plus
• Show a great ability to listen, a critical mind, a good analytical sense as well as capacity for synthesis
• Have good communication skills orally and in writing, ability to convince and to write clear, precise and accurate reports
• Be fluent in both English and French (essential)
• Be objective and rigorous in his / her approach
• Knowledge of IT audit methodologies, or Information Security standards (ISO2700x) and tools
• Professional certifications (CISA, CISM, CISSP)
• Third language a plus
• Willing to travel for up to 20% of time
We are looking for an IT auditor with good information security skills to perform independent reviews of IT applications, infrastructure and systems, as well as information security projects and processes across the various entities in the scope of the Central IT Audit team. The IT auditor will report to an IT audit manager.
Internal Audit reviews the effectiveness of the internal control and risk management framework operated within the Group and directs the global internal audit teams to accomplish its objectives of providing independent and objective assurance on the effectiveness of risk management, internal control and governance processes.
The Central IT Audit team is composed of IT auditors and managers covering IT audit matters at Group level and for various entities, including AXA GIE, AXA Investment Managers, AXA Life Invest, AXA Liabilities Managers, AXA Direct Protection / Family Protect, as well as providing expertise and resources for the Internal Service Providers and the Regional IT audit teams and audits delivery.
• As a member of the audit team, conduct internal audit reviews over all Technology related areas in accordance to our methodology, including assessments related to:
- Application and infrastructure security configuration,
- Information security organisation, standards, and risk management,
- Source code security,
- Penetration testing,
- Application and network architecture,
- IT Management & Governance,
- Project Development & Delivery,
- IT Operations,
- Business Continuity.
• Document the key processes and associated controls being reviewed in the audit
• Contribute to the draft audit report elaboration, including the formalisation of added value recommendations on internal controls, operating efficiencies and governance processes being reviewed
• Present audit conclusions to the management of the area audited
• Follow up audit issues and recommendations and monitor management’s action plans progress
• Contribute to the development and the maintenance of IT audit work programmes and tools