• Performing SME internal controls risk assessments of technology enabled projects and 3rd party vendor assessments
• Function as a Subject Matter Expert in several IT Risk domains (e.g. Access Control, Change Management, Cryptography, Secure Network Design)
• Support day-to-day technology controls and project risk reviews
• Identify continuous improvements to IT risk reviews
• Act as a subject matter expert on IT internal controls risk assessments and analysis
• Contribute to governance and facilitate remediation of related risks, deficiencies, gaps or issues
• Advise and assist project teams on compensating control alternatives where IT risk requirements cannot be met
• Support key reporting activities associated with the key function
• Perform ad hoc IT risk analysis and reporting
• Contribute as a team member to all other risk, security, compliance initiatives and services as appropriate
• Collaborate with key stakeholders in IT and the Business (e.g. Risk Management, Legal & Compliance, etc.)
• A bachelor’s degree in computer science, management information systems, engineering or a related discipline and at least five, typically seven or more years in audit, SOX and regulatory program management
• 5+ years’ experience in administering security controls in an organization
• In-depth knowledge of security and risk frameworks (NIST security framework, SANS, ISO 27001/2, COBIT, IRAM)
• Experience leading internal assessments (e.g. IRAM, SOC1, SOC2, GLBA)
• Experience creating and updating corporate IT and Security policies and procedures
• Experience writing and/or responding to Audit Programs/Controls is required – must demonstrate high level technical ability with Compliance and Regulatory Audit, Implementation Audit, GCC/Network Audit, SOX Audit
• Knowledge of security domains, products, platforms, systems, and/or processes supported and integration with other systems and processes
• Computer Science, Information Technology, or relevant field
• Prior “Big 4” Risk Assurance experience preferred
• CISSP, CISM, CISA, CGEIT, CRISC certifications are a plus
• Experience with Windows, Linux, UNIX and Virtual environments. Ability to recommend Operating System hardening for all environments and systems.
• Must have experience with integrity controls, access controls, incident response procedures, security architecture and design
• Possess a broad knowledge of IT risk system controls (e.g. CISSP domains) and knowledge to identify technical, operational and business risks
• Knowledge of the project and system development life cycle
• Demonstrated ability to handle multiple tasks with shifting deadlines and priorities under limited supervision
• ISACA, SANS or CISSP certification preferred
NOTE: AXA participates in the E-Verify program.
In addition to competitive compensation and an outstanding benefits package including 401(k) and medical programs, we offer the opportunity for continued professional development in a congenial corporate environment.
AXA is committed to providing equal employment opportunities to our employees, applicants and candidates based on individual qualifications, without regard to race, color, religion, gender, gender identity and expression, age, national origin, mental or physical disabilities, sexual orientation, veteran status, genetic information or any other class protected by federal, state and local laws.
AXA is a leading financial protection company, committed to fostering and maintaining a diverse, multicultural and inclusive environment, and one of the nation’s premier providers of life insurance and annuity products. The organization was established in 1859 and we are committed now more than ever to helping clients meet financial goals in all stages of their lives. One of the hallmarks of our proud heritage is providing world-class customer service.
We're always looking for smart and talented people to help us develop new and innovative ways to expand our product portfolio, reach new customers and serve well the clients already a part of the AXA family.