Détail de l'annonce pour le poste de Senior IT Auditor - Information Security H/F chez AXA à Paris

[ POURVUE ]
AXA Logo

PRIMARY MISSION:

We are looking for a Senior IT auditor with good information security skills to perform independent reviews of IT applications, infrastructure and systems, as well as information security projects and processes across the various entities in the scope of the Central IT Audit team.

ENVIRONMENT:

Internal Audit reviews the effectiveness of the internal control and risk management framework operated within the Group and directs the global internal audit teams to accomplish its objectives of providing independent and objective assurance on the effectiveness of risk management, internal control and governance processes.

The Central IT Audit team is composed of IT auditors and managers covering IT audit matters at Group level and for various entities accross the Group, as well as providing expertise and resources for the Internal Service Providers and the Regional IT audit teams and audits delivery.

CORE ACTIVITIES:

As a member of the audit team, participate in the definition, planning, and realisation of IT audit assignments over all Technology related areas in accordance to our methodology, including assessments related to:

  • Application and infrastructure security configuration,
  • Information security organisation, standards, and risk management,
  • Source code security,
  • Penetration testing,
  • Application and network architecture,
  • IT Management & Governance,
  • Project Development & Delivery,
  • IT Operations,
  • IT Forensics,
  • Business Continuity.

Working closely with the lead auditor, responsible for part of the audit scope, including the documentation of the key processes and associated controls being reviewed.

Contribute to the draft audit report elaboration, including the formalisation of added value recommendations on internal controls, operating efficiencies and governance processes being reviewed.

Contribute to the presentation of audit conclusions to the management of the area audited.

Participate in the follow up audit issues and recommendations and monitor management’s action plans progress.

Contribute to the development and the maintenance of IT audit work programmes and tools.

EDUCATION:

Graduate majoring in information systems, telecommunications or security.

EXPERIENCE:

At least 3 years of IT security audit experience or 5 years of IT experience, focusing on Information Security matters.

SKILLS:

The applicant must:

  • Demonstrate a proven expertise in information security (including penetration testing), but must also be able to review other IT domains.
  • Be passionate of technology and information security (e.g. know how to search for IT related knowledge, attend to information security conferences, follow information security news).
  • Have strong IT skills, including at least one programming language and good knowledge of Windows or UNIX  operating systems and Microsoft SQL Server or Oracle databases.
  • Show a great ability to listen, a critical mind, a good analytical sense as well as capacity for synthesis.
  • Be able to work in autonomy.
  • Be objective and rigorous in his / her approach.
  • Have good communication skills orally and in writing, ability to convince and to write clear, precise and accurate reports.
  • Be fluent in both English and French (essential).

OTHERS:

  • Knowledge of IT audit methodologies, or Information Security standards (ISO2700x) and tools.
  • Professional certifications (CISA, CISM, CISSP).
  • Having published technical articles or tools related to information security is a plus.
  • Third language a plus.
  • Willing to travel for up to 20% of time.
Postuler