Information Security Officer

Référence de l'offre

6111

Type de contrat

CDI

Niveau d'expérience

Jeunes diplômés

Société du groupeGIE AXA

Famille métierIT, Data & Transformation

Localisation

PARIS, Paris

Why AXA? Every day, we work together for human progress by protecting what matters. A mission that puts a smile on your face and makes you want to get up in the morning

One of the world's leading insurers in the protection of property, people and assets, AXA is 145,000 employees and contributors who are committed to our customers on a daily basis, 51 countries in which we distribute our products and services and more than 90 million customers who place their trust in us worldwide. As a responsible corporate citizen, AXA is committed to social and environmental causes on a daily basis. We are committed to an inclusive policy that recognizes and values individual differences. Do these ambitions speak to you? Then come and change the world with us

The headquarters of the AXA Group (GIE AXA) brings together our corporate activities. It provides guidance and support to subsidiaries around the world, to ensure the coordination and monitoring of the Group's global strategy, the application of its standards, the consistency of commercial approaches and the sharing of best practices. The headquarters gathers approximately 1000 employees and is distinguished by its strong international culture (45 nationalities), which makes it a rich and stimulating place to work.

Within the Group, you will join the Security department, which covers the three components of Security: Information security, Operational Resilience and Physical Security & Safety.

Within this Department, you will be part of the Information Security team. You will play a key role in the operational security by developing and implementing an overall information security program to protect the organization's data company against security breaches and vulnerability issues.

Managing security threat incident /vulnerabilities and security alerts

• The main objective is to ensure an efficient response to the increasing cyber security threat:
• Handle security incidents alerts and events: tracks, assess, notifies, contains, investigate, remediate…
• Learn from previous threat experience to improve infrastructure component protection strategies and cyber incident handling procedures to prevent a cyber incident
• Proactively investigate new threats to the business and propose solutions to address them.
• Work with AXA SOC /SIRT teams to coordinate- incident response
• Perform advanced analysis such as forensic hardware seizures, malware triage, dynamic analysis, and determining the scope of compromise during an incident
• Manage patch and vulnerability management with the coordination of AXA GO teams
• Analyze and process security alerts from the security tools (DLP tools, SEP, EDR, AIP, QUEST…)

Define implement and improve security controls & policies:

• Detect and analyze inputs to monitor security threat
• Improve/adapt the existing security policies/controls or create new ones.
• Develop specific controls and policies to increase the level of protection of sensitive data and reduce data leakage risks.
• Contribute to the definition of the control plan to reduce the risk
• Implement controls defined and handle related anomalies with involved stakeholders.

Management of end-user Information Security requests & exceptions

• Handle end-user security requests (installation of unqualified software, specific access rights, security exception (Admin right, transfer data, USB, proxy exception
• Analyzing compliance of the requests compared to the Security guidelines and provide positions/advice/ derogations.
• Provide Information security positions and guidelines (technical architecture review, security risk analysis, etc.) on IT projects with a risk-oriented approach.

Supporting the implementation of local & Group Security initiatives and project

• Supports Group Security by designing, implementing and managing IS Strategy & policies components across AXA to ensure that Group Information Security goals are met.
• Contribute to the projects launch to make evolve the security tools (upgrade, new module acquisition, new policies …) in coordination with Group Security and AXA Services teams.

Governance/Compliance & Reporting

• Contribute /formalize the documentation related to the security operations: define or redefine guidelines, user guide, process, procedures, for the security tools managed in the team
• Helping & ensuring the organization follows the regulatory requirements related to information security (ISO 27000 standard, RGPD, DORA…)
• Update the Information Security Management System (ISMS) in place in accordance with the ISO 2700 standard (policies, procedures, etc.)
• Implement continuous improvement processes and activities (e.g. good practices, reporting, problem resolution) to ensure quality and relevance of security services
• Drive cultural and organizational change and help to implement a sustainable information security awareness practice
• Collect/monitor security KPIs and prepare security reporting to group security/risk committee/steering committee…
• Regularly update the CSO to contribute your expertise & insight to strengthen the GIE AXA strategy and governance

Take a look at this handy list to help you decide if you've got the right skills and experience for this role. We're looking for someone with:

• Master's degree in business or engineering (IT, Security, Management, Risk Management)
• Professional certifications preferred (ISO 27001 Lead Implementor or Auditor, Information Systems Security Professional CISSP, Certified SOC Analyst CSA, GIAC Incident Handler (GCIH)…
• A minimum of 5 years of relevant professional experience in Information Security
• Work experience in information security operations, incident response, and monitoring services
• Work experience in Data leakage tools
• Strong understanding of network architecture, database security, and IT systems to anticipate and mitigate security risks
• Expertise in various cybersecurity and information security programs, antivirus software, and intrusion detection systems.
• Excellent problem-solving skills to quickly respond to security incidents and ensure they are properly resolved.
• Support the Crisis Management Team/Committee in the event of a threat, an alert or a crisis
• Understanding of data privacy laws and regulations to ensure company compliance.
• Excellent communication skills to discuss complex security issues and solutions with both technical and non-technical staff.
• Information risk approach and risks analysis experience
• Fluent in English (speaking and writing)
• Knows how to formulate improvements and adaptations
• Communicates clearly and tracks strategic priorities within the team
• Sense of urgency, emotional intelligence, ability to escalate properly
• Good judgment and problem-solving ability
• Strategic thinking and excellent attention to detail
• Dynamic, proactive, organized personality
• Strong ability to work as part of a team

You will join:

• A responsible company, towards people, including its employees and customers, and towards the planet
• A company with strong values
• A company promoting internal mobility and the training of its employees
• A company offering many benefits (learn more here: Reward & Benefits | AXA Group)
• A flexible company, allowing hybrid work, in the office and from home.

In line with our commitments, we celebrate each new hire by taking action for global reforestation: we plant a tree for every recruitment. So, are you ready to apply?