Bachelor degree in Computer Science, Engineering, or related field.
An MSc Information Security would be desirable but is not essential
Information Security and/or Information Technology industry certification (CISSP-ISSAP, CISM, ISO 27001 Lead Auditor, GIAC or equivalent) strongly preferred
Member of Institute of Information Security Professionals (M.IISP) or have the qualification, skills and experience to become a member
Industry-recognised architecture certification (SABSA, TOGAF or equivalent)
Certifications from industry-leading vendors of network security solutions would be desirable but are not essential
Overall work experience in the field
Experience in information security > 10 years
Leadership/ management experience > 6 years
Previous experience managing a remote/international team preferred
Proven experience in the delivery of highly technical and innovative security engineering / design products
Experience working in Financial Services sector preferred but not required
Experience working in security operations capacity preferred but not required
Skills / abilities
Cross-cultural sensitivity, flexibility
Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively
Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team player
Ability to function effectively in a matrix structure
Operate comfortably at management level
Strong facilitation, negotiation and conflict resolution skills
Strong analytical skills
Apply analytical rigor to understand complex business scenarios
Fluent in English
Willingness to travel
Information Security Management
A1 - Governance
A2 - Policy & Standards
A3 - Information Security Strategy
A4 - Innovation & Business Improvement
A5 - Information Security Awareness and Training
A6 - Legal & Regulatory Environment
A7 - Third Party Management
Information Risk Management
B1 - Risk Assessment
B2 - Risk Management
Implementing Secure Systems
C1 - Security Architecture
C2 - Secure Development
Information Assurance Methodologies and Testing
D1 - Information Assurance Methodologies
D2 - Security Testing
Operational Security Management
E1 - Secure Operations Management
E2 - Secure Operations & Service Delivery
E3 - Vulnerability Assessment
Incident Management
F1 - Incident Management
F2 - Investigation
F3 - Forensics
Audit, Assurance & Review
G1 - Audit & Review
Business Continuity Management
H1 - Business Continuity Planning
H2 - Business Continuity Management
Business skills and competences
J1 - Teamwork and Leadership
J3 - Managing Customer Relationships
J4 - Corporate Behaviour
J5 - Change and Innovation
J6 - Analysis and Decision Making
J7 - Communication and Knowledge Sharing
Creates an environment for developing and fostering leadership excellence
Effectively communicates the group vision and goals and the benefits in achieving the strategy
Recognizes potential leaders and provides them with challenging assignments/stretch goals
Takes calculated risks in decision-making and seeks inputs from the team / stakeholders for the same.
Creates mechanisms to recognize individual/group contribution & achievements
Can effectively mentor others to acquire this competency
Articulates a vision, develops organizational goals and strategies
Maintains a wider perspective, aligns actions and contributes to the enhancement of the overall organizational strategy, including outputs from benchmarking activities and reviews
Understands and articulates the projected direction of the organization and how changes to it might impact the group
Is aware of the trends in the external environment and key differentiators vis-a-vis competition and uses this information to anticipate how these changes would impact the organization
Recommends solutions relevant to the complexity, scope, risk and magnitude of problem
Plans up to 2-5 years ahead (particularly when preparing budgets and resource requirements), in accordance with the project/program portfolio to ensure its successful delivery
Provides input into planning and prioritization of project activities
Required to analyze and critically evaluate information as well as formulate plans based on multiple sources of information
Forward planning required e.g. target setting and forecasting trends
Ability to manage action plans, review progress and make adjustments where required
Advises on decisions regarding strategy, policy, and structures
Quick to assimilate and integrate new information for informed decision making
Monitor changes in the operating environment, quick to act upon potential opportunities.
Able to quickly evaluate a situation or issue and take the initiative within limits of authority.
Coaching and Mentoring
Coaching: The process of assisting individuals to set goals, then supporting the execution of the goals through establishing strategy and providing feedback, insight and guidance to enable the individual to reach their fullest potential.
Mentoring: The process in which an experienced colleague is assigned to an inexperienced individual and assists in a training and development or general support role
Assertiveness, empathy, active listening
Oral communication, persuasive skills
• Drive effective teamwork, communication, collaboration and commitment to deliver services
• Own and manage requirements gathering and translation of them into information security architecture.
• Design and engineer secure information systems based on ATS and Group Information Security Architecture.
• Identify emerging trends in information security in close collaboration with Group Information Security to provide input into ATS information security strategy.
• To provide consultancy across ATS and its customers on ensuring secure architecture and engineering principles are applied during the system development lifecycle.
• To architect, design and build security systems owned by ATS IS such as PKI, Privileged User Account Management and security logging and monitoring.
ATS security architecture & information security standards development
Engage with key ATS stakeholders and the Senior Security Architect to develop and capture security architecture requirements and principles.
Establish information security architecture governance for business and project engagement.
Based on established architecture principles, develop ATS information security architecture building blocks and define and maintain a reference model (blueprint).
Own, develop and manage a consultancy service for ATS IS on information security architecture and engineering. Important
Security solutions design governance
Own, develop and manage the security solutions design and governance service in ATS.
Gather information security requirements from ATS and its clients and translate them into actionable solutions.
Work in collaboration with ATS procurement in order to drive RFPs for information security solutions.
Work alongside Solution Architects and Engineers to ensure architecture principles are adhered to.
Ensure information security architecture principles are adhered to by establishing architecture review gates during the project lifecycle.
Ensure input is provided to security design exceptions and waivers.
Maintain an up-to-date repository of information security architecture and design documents.
Information Security Research and Innovation
Own, develop and manage the delivery of information security research and innovation activities in ATS.
Assess, analyse and understand emerging risks, regulations and threats working in close collaboration with Group Information Security.
Support ATS CISO and other ATS stakeholders by providing key insights on technology, impact on threats and service management to input into new security strategies and programmes.
Assist ATS in identifying emerging trends in information security and align these to business requirements.
Proactively identify emerging attack vectors and investigate mitigating controls or countermeasures.
Identify new approaches and security strategies that promote the use of security tools and mechanisms to mitigate cyber security risks and manage threats.
Research new methods and systems for accomplishing the ATS Information security practice and services.
Input into Group Information Security portfolio to security solutions and technologies in order to meet ATS requirements.
Security Design and Solutions team management
Manage the team availability and capability in order to meet demand from within ATS.
Develop the team in order to ensure skills and competencies meet current and future requirements.
Drive effective teamwork, communication, collaboration and commitment to deliver Security Architecture, research and innovation. Crucial
With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio.
As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. AXA is setting up a Group Information Security practice in order to reinforce its short-term risk reduction strategy, aligned with AXA strategy & culture and based on the industry standards.
AXA Technology Services is a subsidiary 100% dedicated to the AXA Group entities which aims to provide IT infrastructure services worldwide. AXA Technology Services is now present in 16 countries and employs more than 3,500 people in the areas of activity: Network Computer, Distributed Systems, Mainframe, Document Management, Applications and Data Centers. Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA