Information Security Assurance Officer (F/H)

  • Paris 1er Arrondissement (Paris)
  • IT development

Job description



POSITION MAIN ACTIVITIES

To ensure that Information Security is at the proper level and that the controls defined are effective, so that AXA can reach its security
ambition, the Information Security Assurance Officer will support AXA entities in rolling out their assurance program and will
give a second opinion on its maturity and on the effectiveness of the controls defined.
By identifying and understanding the existing gaps locally and globally, the Information Security Assurance Officer will help
AXA move from a pure compliance-check approach to actual risk-management decision making, allowing proper
prioritization and the definition of adequate improvement plans.

Main tasks will be:
• Contribute to providing assurance over the effectiveness of information security controls across the AXA entities
(assessments) and build the consolidated picture for AXA executive management; also support the resolution or
escalation of findings.
• Contribute to scoping and scheduling of engagements with entities and manage any issues or conflicts.
• Contribute to the definition of the Group Security assurance test strategy and approach to ensure Group Security
assurance goals are met.
• Contribute to the definition and maintenance of the Information Security Assurance Framework and IS
Testing/Assurance Life Cycle
• Contribute to assuring the quality of the assurance testing services provided by vendors or internal teams
• Perform testing of Information Security Assurance processes and procedures across the Group, acquisitions and
vendors
• Draft testing reports of critical issues and status updates in a timely manner to the necessary stakeholders
• Perform assessments related to the AXA Controls Framework and ISO 27001
• Assist with analysis of functional specifications for completeness and to identify testing requirements

Scope
This position will have a key impact on the ability to conduct assurance testing activities on the information security
controls across the organization.
The assignment is performed within an international, decentralized organization.

Stakeholders
Internal - Expected to interact with Group Risk & Group Internal Audit, IT Leadership & Business Leadership, Group
Compliance & Legal, IT Operations & Business Operations, peers, Local/Regional CISO and Security team members
External - Expected to interact with external third parties to be tested and vendors

Desired profile



Qualifications:

PROFILE, SKILLS & COMPETENCIES

Experience
• Bachelor's degree in computer science, engineering, project management or a related field
• Experience in assurance testing activities > 3 years
• Experience with project management and coordination 3 years
• Experience in network and/or firewall engineering, administration, design and implementation including
experience in applying methodologies and principles for all levels of Information Security 3 years

Certifications
• Information Security and/or Information Technology industry certification (ISO 27001 (Implementer/Auditor), CISSP,
CISA, CISM, GIAC, CRISC or equivalent) preferred

Soft skills
• Ability to function effectively in a matrix structure
• Good facilitation, negotiation and conflict resolution skills
• Good networking skills
• Team player
• Apply analytical rigor to understand complex business scenarios
• Fluent in English
• Ability to organize
