Security Expert Lead

At AXA IM our purpose, to act for human progress by investing for what matters, is central to every action we take as a business. As a responsible asset manager, we actively invest for the long-term to help our clients, our people and the world to prosper.

As a future Security Expert Lead you will report to our Head of Cybersecurity Operation and you will be part of AXA IM Technology / Infrastructure team.

**DISCOVER your opportunity**

Cybersecurity Operation team provides expertise to stakeholders to leverage a risk-driven approach and support critical and vital activities for both project and business-as-usual activities.

In this context, the intersection of cybersecurity and project management brings a unique set of challenges and opportunities. It requires a cybersecurity expert not only to understand the principles of cybersecurity but also to integrate them into project management process.

Expectations & Benefits are multiple: ensure that security services are, by design, correctly implemented and compliant with the expected level & with AXA group security policies, reduce time-to-market, increase user experience, raise quality of service & do savings by developing more simplification, more automation, more controls.

**1) Technology and Information Security Projects (Primary mission)**
- Support Technology business facing teams for their support and project activities providing cybersecurity expertise and engineering on technology solutions, and as part of project squads leading cybersecurity operations related activities.
- As new services are defined, or changes applied to production platforms, drive projects to achieve the desired outcomes within the set of delivered services. Develop necessary controls and processes to support operational risk, business continuity plan framework and IT security aspects.
- Work with the team to design new cybersecurity solutions. Manage end of life and obsolescence of platforms and cybersecurity solutions in line with AXA IM Technology strategy. Ensure impact of new solutions have been assessed and are consistent with existing technology framework and architecture patterns. Lead technical related projects to implement and deploy these new cybersecurity solutions, including project streams part of SMART program.
- Integrate security into projects' development and life cycle to improve and optimize the Security Policy
- Ensure Operational Security by implementing IT processes, upgrading existing processes and documenting both.
- Assess, challenge and review vulnerabilities criticality to deliver risk-based insights useable by business stakeholders (DPO, workplace,...)
- Ensure implementation of follow-up of remediation actions post assessment.
- Provide support to project and business stakeholders on deficiencies found and remediations to implement.
- Contribute to enhancing and optimizing the efficiency of control activities by working hand-in-hand with all concerned stakeholders.

**2) As part of cybersecurity operation team**:
Security
- company guidelines / regulations to ensure company data is held in a secure manner, including electronic access or in written format.
- Escalate any security issues or potential security breaches as appropriate to ensure any potential issues can be secured.
- Aligned with Information System Security policy and guidelines, develop and deploy processes that will ensure level 1 controls are in place, actioned and tracked.
- Deliver security projects to protect the overall infrastructure, in-line with AXA Group policy.
- Support IT audits as required and drive the recovery of any audit deficiencies to pre-agreed deadlines.

Innovation
- Develop a culture of innovation across the team, to deploy new services in a value-add and cost-effective way towards the business.

LI-JB1

**Your Profile**

**SHARE your unique expertise**

We Welcome Different Combinations Of Skills And Experiences.

Education & Experience:

- Master degree in Computer Science or significant experience in similar technical IT management roles
- Information Security and /or Information Technology industry certification (CISSP-ISSAP, CISM, ISO 27001 Lead Auditor, GIAC or equivalent) strongly preferred
- Minimum 5 years of experience in information security
- Information risk approach and risks analysis experience mandatory
- Experience in advisory role on IT security for Business projects a plus
- Experience in managing complex stakeholder relationships mandatory

Key Competencies
- Fluent in English mandatory. Working knowledge of French preferred
- Client focus is a key asset. To be the business advocate for locally delivered services in a service-oriented manner
- Cross cultural sensitivity, flexibility
- Organized with a proven ability to prioritize workload, meet deadlines, and use time effectively
- Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, work effectively as a team player
- Able to