[ POURVUE ]
To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business. Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’.
In this role, you will:- Contribute to the definition of the Group Information Security Management Assurance test strategy and approach.
- Contribute to development, formulation, and drive the implementation and execution of appropriate testing mechanisms to assess the information security management control adequacy and efficiency where risks and controls have been identified by both business and IT, thereby ensuring that assurance goals are met.
- Contribute to the development and maintenance of assurance testing frameworks (Security management and Technical assurance)
- Lead an efficient and effective team with the capability to provide a pivotal role in Information Security Management Assurance controls that are designed to manage the Group`s high priority or most significant risks within the ambit of the AXA risk appetite.
- Scope, implement and perform the Information Security Management Assurance testing plan.
- Coordinate Information Security Management Assurance issue resolution and escalation.
- Own the stakeholder expectations and priorities effectively.
- Work cross-functionally to manage and organise work processes and ensure most efficient work flow.
- Continually build and enhance Control Assessing tools and processes to meet stakeholder requirements
- To be fluent in English
- To have at least 7 years of team management experience
- To have at least 7 years of experience in IT Security, IT risk management, IT audit, ISMS
- To have at least 5 years of experience in Information Security Controls and Vulnerability Databases, network and/or firewall engineering and administration specifically relating to application of methodologies and principles for all levels of Information Security, technologies, tools and process controls to minimize risk and data exposure
- To have one or several certifications related to Information Security (CISSP, OSCP, OSCE, CEH, COBIT, SANS...)