[ POURVUE ]
To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business. Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’
In this role, you will:- Contribute to the definition and maintenance of the Information Security Development Life Cycle and IS Testing Life Cycle including requirements gathering, risk analysis, planning
- Assure the quality of the assurance testing services provided by vendors or internal teams
- Contribute to the establishment and monitoring of the set up and industrialization of the information security quality assurance and testing services across all group services
- Contribute to the establishment of Information Security Assurance processes and procedures and roll out to across the Group, acquisitions and vendors
- Conduct assurance testing activities, coordinate the assurance testing staffs and work with other Assurance-related stakeholders
- Communicate critical issues and status updates in a timely manner to the necessary stakeholders
- Analyze functional specifications for completeness and to identify testing requirements
- Perform relevant aspects of testing, assurance, release management and environment management
- Embed Information Security Quality Assurance and Testing within a wide variety of projects
- To be fluent in English
- To have at least 7 years of experience in IT Security, IT risk management, IT audit, ISMS
- To have at least 5 years of experience in Information Security Controls and Vulnerability Databases, network and/or firewall engineering and administration specifically relating to application of methodologies and principles for all levels of Information Security, technologies, tools and process controls to minimize risk and data exposure
- To have at least 5 years of experience in Red Teaming, Phishing, Scripting, Attack Path Mapping, and Penetration testing
- To have one or several certifications related to Information Security (CISSP, OSCP, OSCE, CEH, COBIT, SANS...)