Head of Security Design & Solutions

Location FRANCE, France
Experience level Experienced Hire
Job details sector Information Technology
Apply before Date not available

Qualifications

 

Education

Bachelor's degree in Computer Science, Engineering, or related field.

An MSc Information Security would be desirable but is not essential

 

Certification

Information Security and/or Information Technology industry certification (CISSP-ISSAP, CISM, ISO 27001 Lead Auditor, GIAC or equivalent) strongly preferred

Member of Institute of Information Security Professionals (M.IISP) or have the qualification, skills and experience to become a member 

Industry-recognised architecture certification (SABSA, TOGAF or equivalent) 

Certifications from industry-leading vendors of network security solutions would be desirable but are not essential

 

Overall work experience in the field 

Experience in information security > 10 years 

Leadership/ management experience > 6 years 

Previous experience managing a remote/international team preferred 

Proven experience in the delivery of highly technical and innovative security engineering / design products 

Experience working in Financial Services sector preferred but not required 

Experience working in security operations capacity preferred but not required

 

Skills / abilities

Cross cultural sensitivity, flexibility 

Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively 

Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team player 

Ability to function effectively in a matrix structure 

Operate comfortably at management level 

Strong facilitation, negotiation and conflict resolution skills 

Strong analytical skills 

Apply analytical rigor to understand complex business scenarios 

Fluent in English 

Willingness to travel


 

 
Competencies: Description and Level**

Information Security Management
A1 - Governance
A2 - Policy & Standards
A3 - Information Security Strategy
A4 - Innovation & Business Improvement
A5 - Information Security Awareness and Training
A6 - Legal & Regulatory Environment
A7 - Third Party Management
Level: E4

Information Risk Management
B1 - Risk Assessment
B2 - Risk Management
Level: E3

Implementing Secure Systems
C1 - Security Architecture
C2 - Secure Development
Level: E4

Information Assurance Methodologies and Testing
D1 - Information Assurance Methodologies
D2 - Security Testing
Level: E3

Operational Security Management
E1 - Secure Operations Management
E2 - Secure Operations & Service Delivery
E3 - Vulnerability Assessment
Level: E3

Incident Management
F1 - Incident Management
F2 - Investigation
F3 - Forensics
Level: E3

Audit, Assurance & Review
G1 - Audit & Review
Level: E3

Business Continuity Management
H1 - Business Continuity Planning
H2 - Business Continuity Management
Level: E2

Business skills and competences
J1 - Teamwork and Leadership
J2 - Delivering
J3 - Managing Customer Relationships
J4 - Corporate Behaviour
J5 - Change and Innovation
J6 - Analysis and Decision Making
J7 - Communication and Knowledge Sharing
Level: E4

 

Leadership 

Creates an environment for developing and fostering leadership excellence 

Effectively communicates the group vision and goals and the benefits in achieving the strategy 

Recognizes potential leaders and provides them with challenging assignments/stretch goals 

Takes calculated risks in decision-making and seeks inputs from the team / stakeholders for the same. 

Creates mechanisms to recognize individual/group contribution & achievements 

Can effectively mentor others to acquire this competency

 

Strategic Thinking

Articulates a vision, develops organizational goals and strategies 

Maintains a wider perspective, aligns actions and contributes to the enhancement of the overall organizational strategy, including outputs from benchmarking activities and reviews

Understands and articulates the projected direction of the organization and how changes to it might impact the group 

Is aware of the trends in the external environment and key differentiators vis-a-vis competition and uses this information to anticipate how these changes would impact the organization

 

Problem solving

Recommends solutions relevant to the complexity, scope, risk and magnitude of problem

 

Planning 

Plans up to 2-5 years ahead (particularly when preparing budgets and resource requirements), in accordance with the project/program portfolio to ensure its successful delivery

Provides input into planning and prioritization of project activities

Required to analyze and critically evaluate information as well as formulate plans based on multiple sources of information 

Forward planning required e.g. target setting and forecasting trends 

Ability to manage action plans, review progress and make adjustments where required

 

Decision making

Advises on decisions regarding strategy, policy, and structures 

Quick to assimilate and integrate new information for informed decision making 

Monitor changes in the operating environment, quick to act upon potential opportunities. 

Able to quickly evaluate a situation or issue and take the initiative within limits of authority.

 

Coaching and Mentoring 

Coaching: The process of assisting individuals to set goals, then supporting the execution of those goals through establishing strategy and providing feedback, insight and guidance to enable the individual to reach their fullest potential.

Mentoring: The process in which an experienced colleague is assigned to an inexperienced individual and assists in a training and development or general support role

 

Interpersonal skills 

Assertiveness, empathy, active listening 

Oral communication, persuasive skills


Job purpose

• Drive effective teamwork, communication, collaboration and commitment to deliver services

• Own and manage requirements gathering and translation of them into information security architecture.

• Design and engineer secure information systems based on ATS and Group Information Security Architecture.

• Identify emerging trends in information security in close collaboration with Group Information Security to provide input into ATS information security strategy.

• To provide consultancy across ATS and its customers on ensuring secure architecture and engineering principles are applied during the system development lifecycle.

• To architect, design and build security systems owned by ATS IS such as PKI, Privileged User Account Management and security logging and monitoring.

 

ATS security architecture & information security standards development 

Engage with key ATS stakeholders and the Senior Security Architect to develop and capture security architecture requirements and principles. 

Establish information security architecture governance for business and project engagement. 

Based on established architecture principles, develop ATS information security architecture building blocks and define and maintain a reference model (blueprint). 

Own, develop and manage a consultancy service for ATS IS on information security architecture and engineering. Important

 

Security solutions design governance 

Own, develop and manage the security solutions design and governance service in ATS. 

Gather information security requirements from ATS and its clients and translate them into actionable solutions. 

Work in collaboration with ATS procurement in order to drive RFPs for information security solutions. 

Work alongside Solution Architects and Engineers to ensure architecture principles are adhered to. 

Ensure information security architecture principles are adhered to by establishing architecture review gates during the project lifecycle. 

Ensure input is provided to security design exceptions and waivers. 

Maintain an up-to-date repository of information security architecture and design documents. 

 

Information Security Research and Innovation 

Own, develop and manage the delivery of information security research and innovation activities in ATS. 

Assess, analyse and understand emerging risks, regulations and threats working in close collaboration with Group Information Security. 

Support ATS CISO and other ATS stakeholders by providing key insights on technology, impact on threats and service management to input into new security strategies and programmes.

Assist ATS in identifying emerging trends in information security and align these to business requirements. 

Proactively identify emerging attack vectors and investigate mitigating controls or countermeasures. 

Identify new approaches and security strategies that promote the use of security tools and mechanisms to mitigate cyber security risks and manage threats.

Research new methods and systems for accomplishing the ATS Information security practice and services. 

Input into Group Information Security portfolio to security solutions and technologies in order to meet ATS requirements.

 

Security Design and Solutions team management 

Manage the team availability and capability in order to meet demand from within ATS. 

Develop the team in order to ensure skills and competencies meet current and future requirements. 

Drive effective teamwork, communication, collaboration and commitment to deliver Security Architecture, research and innovation. Crucial

 


With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio.

As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. AXA is setting up a Group Information Security practice in order to reinforce its short-term risk reduction strategy, aligned with AXA strategy & culture and based on the industry standards.

AXA Technology Services is a subsidiary 100% dedicated to the AXA Group entities which aim to provide IT infrastructure services worldwide. AXA Technology Services is now present in 16 countries and employs more than 3,500 people in the areas of activity: Network Computer, Distributed Systems, Mainframe, Document Management, Applications and Data Centers. Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’.