Information Security Assurance

Whatever their stage of life, we provide over 108 million customers with the products and services they need to progress. From insurance to personal protection, and savings to wealth management, no matter the need we’re always there for them. And we’re always there for our employees. In 50 countries, we work hard to inspire pride and a sense of belonging in our people. To provide opportunities that challenge them, inspire them, and reward them. And to create a culture that’s open, supportive, and empowering. Because we know that’s the real secret to success – and the best way for us to keep building a better world for both our customers and the talented people who put them first.

Your work environment

The headquarters of the AXA Group (GIE AXA) brings together our corporate activities. It provides guidance and support to subsidiaries around the world, to ensure the coordination and monitoring of the Group's global strategy, the application of its standards, the consistency of commercial approaches and the sharing of best practices. The headquarters gathers approximately 1000 employees and is distinguished by its strong international culture (45 nationalities), which makes it a rich and stimulating place to work.

Job purpose

Update the Information Security Management System (ISMS) in place in accordance with the ISO 2700 standard (policies, procedures, etc.)
Update the ISMS improvement plan and participate at deploying it to achieve the ISO 27001 target set by Group Security.
Make sure to systematically keep the GIE AXA and AXA SA’s Security Strategy aligned with Group AXA’s and oversee its full implementation & effectiveness.
Identify the security roadmap and monitor its execution.
Assess risks, threats, consequences, as well as draft and propose the Risk Treatment Plans.
Take the lead on security projects and ensure that are deployed correctly and in accordance with security expectations.
Ensure the GIE AXA contributes to reinforce the Group Global Security capabilities.
Ensure the required periodic testing of project, infrastructure, application, and 3rd party risks.
Regularly update the CSO to contribute your expertise & insight to strengthen the GIE AXA strategy and governance.
Take the lead on initiating measures to ensure employees’ sustainable information security practices.
Drive cultural and organizational change throughout his scope and implement a sustainable security awareness practice.
Effectively monitor, control and support service delivery, ensuring methodologies and procedures are followed.
Collaborate with the team and Operations representatives in the design of appropriate metrics for reporting on key performance and risks indicators.
Report on security Key performance and risks indicators (indicators collection, analysis of results, identification of root cause of unsatisfactory indicators, identification of action plans, …)
Provide expertise and insights on overall operational effectiveness of security activities (Information security, Operational resilience, Physical Security)
Proactively investigate new threats to the business and propose solutions to address them.
Improve security processes and try to converge and simplify when relevant.
Perform security watch.
Coordinate audits, establish action plans and ensure they are deployed in according to closure criteria.

Dimensions

Contribute to upgrading the CSO team’s information security practices and methodology.
Provide in-depth updates of information security activities to concerned stakeholders.
Produce all information security reporting to designated committees on time.

Context & Major challenges

Ensure the Business’ current and future applications adhere to the Group standards risk-oriented approach.
Ensure the GIE AXA/AXA SA and all internal suppliers properly implement follow-up actions to perpetually improve Security.
Ensure Operational Security by implementing IT processes, upgrading existing processes and documenting both.
Operate the steering of all security activities to feed reporting to different stakeholders.
Contributes to deliver information security strategy and governance as a senior information security leader.
Maintain and feed Tracking tools to keep them regularly updated and published based on review meeting outcomes.
Establish security roadmap.
Follow up adequation of security activity progress vs roadmap.
Ensure continuous communication between different teams and CSO within the department.
Update the Information Security Management System (ISMS) in place in accordance with the ISO 2700 standard (policies, procedures, etc.)
Make sure to systematically keep the GIE AXA and AXA SA’s Security Strategy aligned with Group AXA’s and oversee its full implementation & effectiveness.
Identify the list of sensitive assets.
Assess risks, threats, consequences, as well as draft and propose the Risk Treatment Plans.
Conduct the risk assessment of providers, control compliance to the contractual procedures, the service deliveries, and the providers’ ongoing compliance.
Ensure the GIE AXA contributes to reinforce the Group Global Security capabilities.
Ensure the required periodic testing of project, infrastructure, application, and 3rd party risks.
Regularly update the CSO to contribute your expertise & insight to strengthen the GIE AXA strategy and governance.
Take the lead on initiating measures to ensure employees’ sustainable information security practices.
Coordinate audits, establish action plans and ensure they are deployed in according to closure criteria.
Contributes to deliver security projects.
Perform cyber watch and share with the team.

Key accountabilities

Contribute to foster security activities within CSO department through methodology evolution proposals.
Monitor quality of reporting that has to be delivered to group security or other stakeholders.
Organize steering activities that are delivered within the CSO department.
Conduct service presentations to explain the operation and support of technology security services, ensuring that the content of services (and customer responsibilities within them) are fully understood.
Contribute to deliver a consistent overview of security activities.
Ensure follow up of finance and resources capabilities accordingly to budget agreements and reforecasts that has been approved by GIE AXA Chief Security Officer.

Compliance

Ensure that IT security within the GIE AXA / AXA SA is relevant, cost-effective and is delivered in accordance with the Group Security Strategy.
Ensure local compliance with the security standards, instructions, and strategic initiatives.
Ensure the achievement of the security targets in the entity, as set by Group Security.
Promote a culture of security and raise awareness.
Ensure development and maintenance of auditable processes to enforce consistency within the local entity.
Monitors compliance with standards, procedures, and regulations.

Expert

Oversee the execution of security projects.
Monitor the execution of internal & external audit issues.
Serve as an expert advisor in the implementation and maintenance of security.
Identify and analyze security risks, recommend appropriate mitigation options, and document all components in clear, business-intelligible language.
Monitor and maintain system confidentiality, integrity and availability.
Ensure development and maintenance of auditable processes to enforce consistency within the local entity.
Implement continuous improvement processes and activities (e.g. good practices, reporting, problem resolution) to ensure quality and relevance of security services.

Management

Establish, manage, and develop the team
Optimizes monitoring and organization processes
Allocates activities and objectives
Controls the running of the activity through regular monitoring (quality, respect for schedules, ...)
Brings its expertise on the different fields
Informs, provides feedback, formalizes processes to its employee
Develops its employee, appreciating the needs of training and / or support

Votre Profil

Main competencies

Information risk approach and risks analysis experience.
Experience in advisory role on IT security in the BAU.
Information Security and /or Information Technology industry certification (CISSP-ISSAP, CISM, ISO 27001 Lead Auditor, GIAC or equivalent).
Organized with a proven ability to prioritize workload, meet deadlines, and use time effectively.
Able to explain security challenges and recommendations to non-IT stakeholders.
Ability to function effectively in a matrix structure.
Proven facilitation, negotiation, and conflict resolution skills.
Appling analytical rigor to understanding complex business scenarios.
Fluent in English.

Interpersonal skills

Knows how to bring, argue, and express its expertise to a senior audience.
Accompanies, trains, and advises its employees in the context of their activities.
Reports to his/her hierarchy.
Knows how to formulate improvements and adaptations.
Communicates clearly and tracks strategic priorities within the team.
Cross cultural sensitivity, flexibility.
Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively.
Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team player.
Strong facilitation, negotiation, analytical, and conflict resolution skills.

A propos d'AXA

Notre raison d’être chez AXA ? Chaque jour, nous agissons ensemble pour le progrès humain en protégeant ce qui compte. Une mission qui donne le sourire et envie de se lever le matin

Un des leaders mondiaux de l’assurance dans la protection des biens, des personnes et des actifs, AXA c’est 145 000 collaborateurs et contributeurs qui s’engagent au quotidien pour nos clients, c’est 51 pays dans lesquels nous distribuons nos produits et services et plus de 90 millions de client qui nous font confiance dans le monde. Employeur citoyen et responsable, AXA s’engage au quotidien pour des causes sociétales & environnementales. Nous menons une politique inclusive engagée pour reconnaître et valoriser les différences individuelles. Ces ambitions vous parlent ? Alors venez changer le monde avec nous

A propos de notre entité

Le siège du Groupe AXA est basé à La Défense (Tour Majunga) et regroupe les activités corporate du Groupe. Il se distingue par une forte culture internationale.

Pourquoi nous rejoindre ?

Vous rejoignez une entreprise :

- Responsable, vis-à-vis des personnes, y compris ses employés et ses clients, et de la planète.
- Aux valeurs fortes
- Qui encourage la mobilité interne, et la formation de ses employés
- Qui vous offre de nombreux avantages (en savoir plus ici : Reward & Benefits - french | AXA Group)
- Flexible, qui permet le travail hybride, au bureau et à la maison.

Les informations fournies par les candidat(e)s seront traitées de manière strictement confidentielle et utilisées uniquement à des fins de recrutement.

---