Information Security Assurance & Governance Lead - (M/F)

  • CDI
  • Puteaux (Hauts-de-Seine)
  • IT development

Job description

Whatever their stage of life, we provide over 108 million customers with the products and services they need to progress. From insurance to personal protection, and savings to wealth management, no matter the need we’re always there for them. And we’re always there for our employees. In 50 countries, we work hard to inspire pride and a sense of belonging in our people. To provide opportunities that challenge them, inspire them, and reward them. And to create a culture that’s open, supportive, and empowering. Because we know that’s the real secret to success – and the best way for us to keep building a better world for both our customers and the talented people who put them first.

Your work environment

The headquarters of the AXA Group (GIE AXA) brings together our corporate activities. It provides guidance and support to subsidiaries around the world, to ensure the coordination and monitoring of the Group's global strategy, the application of its standards, the consistency of commercial approaches and the sharing of best practices. The headquarters gathers approximately 1000 employees and is distinguished by its strong international culture (45 nationalities), which makes it a rich and stimulating place to work.

Job purpose

  • Update the Information Security Management System (ISMS) in place in accordance with the ISO 2700 standard (policies, procedures, etc.)
  • Update the ISMS improvement plan and participate in deploying it to achieve the ISO 27001 target set by Group Security.
  • Make sure to systematically keep the GIE AXA and AXA SA’s Security Strategy aligned with Group AXA’s and oversee its full implementation & effectiveness.
  • Identify the security roadmap and monitor its execution.
  • Assess risks, threats, consequences, as well as draft and propose the Risk Treatment Plans.
  • Take the lead on security projects and ensure that they are deployed correctly and in accordance with security expectations.
  • Ensure the GIE AXA contributes to reinforcing the Group Global Security capabilities.
  • Ensure the required periodic testing of project, infrastructure, application, and 3rd party risks.
  • Regularly update the CSO to contribute your expertise & insight to strengthen the GIE AXA strategy and governance.
  • Take the lead on initiating measures to ensure employees’ sustainable information security practices.
  • Drive cultural and organizational change throughout the role's scope and implement a sustainable security awareness practice.
  • Effectively monitor, control and support service delivery, ensuring methodologies and procedures are followed.
  • Collaborate with the team and Operations representatives in the design of appropriate metrics for reporting on key performance and risks indicators.
  • Report on security Key performance and risks indicators (indicators collection, analysis of results, identification of root cause of unsatisfactory indicators, identification of action plans, …)
  • Provide expertise and insights on overall operational effectiveness of security activities (Information security, Operational resilience, Physical Security)
  • Proactively investigate new threats to the business and propose solutions to address them.
  • Improve security processes and try to converge and simplify when relevant.
  • Perform security watch.
  • Coordinate audits, establish action plans and ensure they are deployed according to closure criteria.

Dimensions

  • Contribute to upgrading the CSO team’s information security practices and methodology.
  • Provide in-depth updates of information security activities to concerned stakeholders.
  • Produce all information security reporting to designated committees on time.

Context & Major challenges

  • Ensure the Business’ current and future applications adhere to the Group standards risk-oriented approach.
  • Ensure the GIE AXA/AXA SA and all internal suppliers properly implement follow-up actions to perpetually improve Security.
  • Ensure Operational Security by implementing IT processes, upgrading existing processes and documenting both.
  • Operate the steering of all security activities to feed reporting to different stakeholders.
  • Contribute to delivering information security strategy and governance as a senior information security leader.
  • Maintain and feed Tracking tools to keep them regularly updated and published based on review meeting outcomes.
  • Establish security roadmap.
  • Follow up on the alignment of security activity progress with the roadmap.
  • Ensure continuous communication between different teams and CSO within the department.
  • Update the Information Security Management System (ISMS) in place in accordance with the ISO 2700 standard (policies, procedures, etc.)
  • Make sure to systematically keep the GIE AXA and AXA SA’s Security Strategy aligned with Group AXA’s and oversee its full implementation & effectiveness.
  • Identify the list of sensitive assets.
  • Assess risks, threats, consequences, as well as draft and propose the Risk Treatment Plans.
  • Conduct the risk assessment of providers, control compliance to the contractual procedures, the service deliveries, and the providers’ ongoing compliance.
  • Ensure the GIE AXA contributes to reinforcing the Group Global Security capabilities.
  • Ensure the required periodic testing of project, infrastructure, application, and 3rd party risks.
  • Regularly update the CSO to contribute your expertise & insight to strengthen the GIE AXA strategy and governance.
  • Take the lead on initiating measures to ensure employees’ sustainable information security practices.
  • Coordinate audits, establish action plans and ensure they are deployed according to closure criteria.
  • Contribute to delivering security projects.
  • Perform cyber watch and share with the team.

Key accountabilities

  • Contribute to foster security activities within CSO department through methodology evolution proposals.
  • Monitor quality of reporting that has to be delivered to group security or other stakeholders.
  • Organize steering activities that are delivered within the CSO department.
  • Conduct service presentations to explain the operation and support of technology security services, ensuring that the content of services (and customer responsibilities within them) are fully understood.
  • Contribute to deliver a consistent overview of security activities.
  • Ensure follow-up of finance and resource capabilities according to the budget agreements and reforecasts that have been approved by the GIE AXA Chief Security Officer.

Compliance

  • Ensure that IT security within the GIE AXA / AXA SA is relevant, cost-effective and is delivered in accordance with the Group Security Strategy.
  • Ensure local compliance with the security standards, instructions, and strategic initiatives.
  • Ensure the achievement of the security targets in the entity, as set by Group Security.
  • Promote a culture of security and raise awareness.
  • Ensure development and maintenance of auditable processes to enforce consistency within the local entity.
  • Monitor compliance with standards, procedures, and regulations.

Expert

  • Oversee the execution of security projects.
  • Monitor the execution of internal & external audit issues.
  • Serve as an expert advisor in the implementation and maintenance of security.
  • Identify and analyze security risks, recommend appropriate mitigation options, and document all components in clear, business-intelligible language.
  • Monitor and maintain system confidentiality, integrity and availability.
  • Ensure development and maintenance of auditable processes to enforce consistency within the local entity.
  • Implement continuous improvement processes and activities (e.g. good practices, reporting, problem resolution) to ensure quality and relevance of security services.

Management

  • Establish, manage, and develop the team
  • Optimize monitoring and organization processes
  • Allocate activities and objectives
  • Control the running of the activity through regular monitoring (quality, respect for schedules, ...)
  • Bring expertise in the different fields
  • Inform, provide feedback to, and formalize processes for employees
  • Develop employees, assessing their training and/or support needs

Desired profile

Qualifications:

Main competencies

·  Information risk approach and risks analysis experience.
·  Experience in advisory role on IT security in the BAU.
·  Information Security and /or Information Technology industry certification (CISSP-ISSAP, CISM, ISO 27001 Lead Auditor, GIAC or equivalent).
·  Organized with a proven ability to prioritize workload, meet deadlines, and use time effectively.
·  Able to explain security challenges and recommendations to non-IT stakeholders.
·  Ability to function effectively in a matrix structure.
·  Proven facilitation, negotiation, and conflict resolution skills.
·  Applying analytical rigor to understanding complex business scenarios.
·  Fluent in English.

Interpersonal skills

·  Knows how to bring, argue, and express their expertise to a senior audience.
·  Accompanies, trains, and advises their employees in the context of their activities.
·  Reports to his/her hierarchy.
·  Knows how to formulate improvements and adaptations.
·  Communicates clearly and tracks strategic priorities within the team.
·  Cross cultural sensitivity, flexibility.
·  Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively.
·  Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team player.
·  Strong facilitation, negotiation, analytical, and conflict resolution skills.

Make every future a success.