Information Security Pentest PMO

**1. Department description: (main responsibilities, team size...)**

Within the Security Department, Information security department is in charge of the design of the information security strategy, standards for AXA IM and of the management and the control of risks related to information and systems. The team is in charge of the program management, awareness & communications, penetration testing coordination and information security requirements for third parties. The team also manages a Security Incident Response Team.
Within this international and multicultural team, the job purpose is to manage AXA IM penetration testing program and analyzing the information security requirements form from the third parties and Information Security clauses in contracts. The role will also include the preparation of AXA IM due diligences answer on Information Security for partners.

**2. Main responsibilities**:
Manage Information Security Requirements questionnaires:

- Maintain the Information Security Requirement questionnaires with 3rd parties and adapt it when needed (excel file)
- Ensure the analysis of Information Security Requirements answers from provider in depth and validate it on all projects and due diligences request (around 50 per year)
- Ensure the review of IS Clauses in contracts and validate exceptions if the supplier does not include it in contract.
- Ensure that, for critical suppliers, ISR questionnaires are reviewed and validated in time, in accordance with our policies.

Manage Penetration Testing Program:

- Ensure the organization and preparation of Kick offs with the pentesters, the Application Owner and all the stakeholders needed and adapt the campaign with this information
- Ensure that all pentesters accesses and material are prepared in time, and do a follow-up on the test.
- Validate the penetration testing report with an in-depth analysis.
- Ensure the vulnerabilities remediations follow-up and the quarterly reporting to Group Security on the penetration testing tracker.
- Prepare Risk acceptance form if need with a validation in Governance Risk Committee.
- Manage vulnerabilities from Appplication security code audit tool and ensure remediations with the developers.

Project Management Officer:
The team is responsible for managing the security program (Information Security, Physical Security, Operational Resilience, Health & Safety) and to deliver the projects on time, on budget and in scope. The program has stakeholders in IT infrastructure teams and also include AXA Group Security objectives and reporting.
- Ensure the monthly follow-up with Group Security, with the reporting on all deliverables and priorities.
- Help the program manager on the deliverables follow-up and reporting for AXA IM, on roadmap follow-up and arbitrations and budget.
- Help the program manager on Committee preparation and follow-up.
- Participate to the organization of security awareness

**QUALIFICATIONS**

**3. What profile are we looking for?**
- Education : Bac +4/5 - Engineering school or master in computer science
- Technical skills (It, Financial analysis...) : Fluent English; knowledge of information security, general computer skills
- Relational and behavioral skills: Autonomy, rigor, curiosity, teamwork.
- Any non-essential skills or experience that would be a plus: project management, cyber security

**ABOUT AXA**

Would you like to wake up every day driven and inspired by our noble mission and to work together as one global team to empower people to live a better life? Here at AXA we strive to lead the transformation of our industry. We are looking for talented individuals who come from varied backgrounds, think differently and want to be part of this exciting transformation by challenging the status quo so we can push AXA - a leading global brand and one of the most innovative companies in our industry - onto even greater things. In a fast-evolving world and with a presence in 64 countries, our 166,000 employees and exclusive distributors anticipate change to offer services and solutions tailored to the current and future needs of our 103 million customers.

AXA Investment Managers (AXA IM) is a responsible asset manager, actively investing for the long-term to help its clients, its people and the world to prosper. Our high conviction approach enables us to uncover what we believe to be the best global investment opportunities across alternative and traditional asset classes, managing €887 billion in assets as of December 2021.

AXA IM is a leading investor in green, social and sustainable markets, managing €563 billion of ESG-integrated, sustainable and impact assets at the end of 2021.

We are committed to reaching net zero greenhouse gas emissions by 2050 across all our assets, and integrating ESG principles into our business, from stock selection to our corporate actions and culture. Our goal is to provide clients with a true value responsible investment solution, while driving meaningful