Information Security Officer

**Job Description**:
Why AXA? Every day, we work together for human progress by protecting what matters. A mission that puts a smile on your face and makes you want to get up in the morning

One of the world's leading insurers in the protection of property, people and assets, AXA is 145,000 employees and contributors who are committed to our customers on a daily basis, 51 countries in which we distribute our products and services and more than 90 million customers who place their trust in us worldwide. As a responsible corporate citizen, AXA is committed to social and environmental causes on a daily basis. We are committed to an inclusive policy that recognizes and values individual differences. Do these ambitions speak to you? Then come and change the world with us

**YOUR WORK ENVIRONMENT**:
**Within the Group,** **you will join the Security department,** which covers the three components of Security: Information security, Operational Resilience and Physical Security & Safety.

**Within this Department,** you will be part of the **Information Security team.**You will play a key role in the operational security by developing and implementing an overall information security program to protect the organization’s data company against security breaches and vulnerability issues.

**YOUR ROLE AND RESPONSABILITIES**:
**Managing security threat incident /vulnerabilities and security alerts**
- The main objective is to ensure an efficient response to the increasing cyber security threat:

- Handle security incidents alerts and events: tracks, assess, notifies, contains, investigate, remediate
- Learn from previous threat experience to improve infrastructure component protection strategies and cyber incident handling procedures to prevent a cyber incident
- Proactively investigate new threats to the business and propose solutions to address them.
- Work with AXA SOC /SIRT teams to coordinate
- incident response
- Perform advanced analysis such as forensic hardware seizures, malware triage, dynamic analysis, and determining the scope of compromise during an incident
- Manage patch and vulnerability management with the coordination of AXA GO teams
- Analyze and process security alerts from the security tools (DLP tools, SEP, EDR, AIP, QUEST )

**Define implement and improve security controls & policies**:

- Detect and analyze inputs to monitor security threat
- Improve/adapt the existing security policies/controls or create new ones.
- Develop specific controls and policies to increase the level of protection of sensitive data and reduce data leakage risks.
- Contribute to the definition of the control plan to reduce the risk
- Implement controls defined and handle related anomalies with involved stakeholders.

**Management of end-user Information Security requests & exceptions**

- Handle end-user security requests (installation of unqualified software, specific access rights, security exception (Admin right, transfer data, USB, proxy exception
- Analyzing compliance of the requests compared to the Security guidelines and provide positions/advice/ derogations.
- Provide Information security positions and guidelines (technical architecture review, security risk analysis, etc.) on IT projects with a risk-oriented approach.

**Supporting the implementation of local & Group Security initiatives and project**
- Supports Group Security by designing, implementing and managing IS Strategy & policies components across AXA to ensure that Group Information Security goals are met.
- Contribute to the projects launch to make evolve the security tools (upgrade, new module acquisition, new policies) in coordination with Group Security and AXA Services teams.

**Governance/Compliance & Reporting**
- Contribute /formalize the documentation related to the security operations: define or redefine guidelines, user guide, process, procedures, for the security tools managed in the team
- Helping & ensuring the organization follows the regulatory requirements related to information security (ISO 27000 standard, RGPD, DORA )
- Update the Information Security Management System (ISMS) in place in accordance with the ISO 2700 standard (policies, procedures, etc.)
- Implement continuous improvement processes and activities (e.g. good practices, reporting, problem resolution) to ensure quality and relevance of security services
- Drive cultural and organizational change and help to implement a sustainable information security awareness practice
- Collect/monitor security KPIs and prepare security reporting to group security/risk committee/steering committee
- Regularly update the CSO to contribute your expertise & insight to strengthen the GIE AXA strategy and governance

**YOUR PROFILE**:
Take a look at this handy list to help you decide if you’ve got the right skills and experience for this role. We’re looking for someone with:

- Master’s degree in business or engineering (IT, Security, Management, Risk Management)
- Professional certificat