Information Security Lead Expert

About AXA

As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working for 105 million customers, we’ve created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values, and together we’re nurturing a culture of respect, for each other, for our customers and the communities around us. Join AXA and you’ll feel like you belong, are included and can thrive. You’ll be able to shape the way you work and truly grow your potential as you seek out new opportunities, push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.

About AXA Group Operations

AXA is becoming a sustainable tech-led company, and at AXA Group Operations (GO), we are one of the major catalysts for this transformation.

We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution.

We are present across 13 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary.

At AXA GO, we want to be recognized in three fields of action :

• State-of-the-art Data Technology to drive customer experience.
• State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks.
• High-Performing Global Team for stronger partnerships with AXA entities.

Job position pitch

The Information Security Lead Expert leads the development and implementation of the end-to-end strategic approach to Information Security.

Where will you be in the organization?

The division (Group Security)

You will join the Group Security division, defining the security standards to be applied by AXA entities, overseeing the overall security posture across the Group and providing centralized services to support entities (Crisis Management, Security Operations Centre, etc.).

Throughout AXA Group, the security community represents composed of 1000 security professionals, working daily to protect our customers, operations, brand, and people. To achieve this, we have gathered our three security disciplines : Information Security, Operational Resilience and Physical Security.

Our main missions :

Group Security division is divided in 4 main blocks :

The department (GO Security)

GO Security department mandate, as part of Group Security division, is to secure AXA GO as an entity, and secure AXA GO Products delivered by AXA GO as a Service Provider to other entities of AXA.

GO Security department is divided in 5 teams :

The team (GO Security Oversight)

GO Security Oversight team is responsible of

oProtecting the organization's information, technology & physical assets from external and internal threats, such as cyberattacks, data breaches, and malicious insiders.

oDeveloping and implementing GO Security security policies, aligned with the Group Security instructions and regulatory requirements.

oManaging risks related to AXA GO as an entity, with support from Security Engineering CoE team, and report relevant risks in AXA GO Security Risk Committees.

oOverseeing the planification and execution of the yearly security testing campaign across AXA GO

oDeveloping and implementing security awareness and training programs to ensure AXA GO employees understand their roles and responsibilities in maintaining a secure environment.

oEnsuring compliance with Group Security instructions and regulatory requirements, supervising primary assurance on AXA GO as an entity, supporting Primary Assurance activities for AXA GO as a Service Provider, and reporting to Group Security with adequate level of data accuracy.

oDeveloping and maintaining business continuity policies, Business Continuity plans and exercises to ensure AXA GO can respond effectively to incidents and maintain business operations in the event of a disaster.

oOverseeing physical security of AXA GO sites (offices, data centers) and people (travels, events).

oPrioritizing / managing the remediation of audit issues owned by GO Security Oversight.

About the job

Main missions

Reporting to GO Security Oversight Executive Manager , the Information Security Lead Expert leads the development and implementation of the end-to-end strategic approach to Information Security.

Your responsibilities include :

oEnsure that GO Security awareness strategy is aligned with Group Security Awareness Strategy

oDeliver an annual awareness strategy plan for AXA GO

oExecute and communicate continuously all related actions defined in the GO awareness strategy plan to all AXA GO employees as GO Security Policies, GO newsletters, news in ONE, videos, webinars, eLearning modules in YES LEARNING or LinkedIn, security events like Security Month in October, Phishing awareness, ...

oMonitor continuously any awareness actions that can be tracked.

oAnswer requests within the GO Security mailbox

oHandle DLP alerts / incidents from GO employees

oExecute first criticality assessment of new assets in the GO project management process with involvement of Information Security / Physical Security / Operational Resilience / Security Architecture / Data Privacy / Operational Risk teams,

oDeliver evidences collection for primary assurance purpose (entities requests)

oManage security risks related to AXA GO as an entity, with support from GO Security Engineering Center team, and report relevant risks in AXA GO Security & Information Risk Committee.

oUpdate AXA GO Most Valuable Data list on a yearly basis

oEnsuring right funding is allocated for continuous pentesting

oPrioritizing assets to be pentested in continuous pentesting (DAST included)

oMonitoring campaign of pentests

oConfirm criticality of vulnerabilities raised during pentesting activity

oEnsuring the remediation of issues detected in pentests

oReporting to Group Security

oPerforming primary assurance on pentesting / remediation

oEnsure Digital Hub completeness & information accuracy by

Regularly review declared assets to check if they are still live & information provided is accurate

Search for undeclared assets

oMonitor AXA GO Bitsight score (all Internet Facing assets), & improve score by monitoring remediation on vulnerabilities detected

Your Profile

Expected skills & experience

We are looking for someone with the following experience and skills :

Experience

10 years.

5 years)

Technical skills

Soft skills / transversal skills

About AXA

As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working with 105 million customers, we’ve created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values, and together we’re nurturing a culture of

respect, for each other, for our customers and the communities around us. Join AXA and you’ll feel like you belong, are included and can thrive. You’ll be able to shape the way you work and truly grow your potential as you seek out new opportunities, push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.

About the Entity

AXA is becoming a sustainable tech-led company and at AXA Group Operations we are one of the major catalysts for this transformation.

We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution.

We are present across 17 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary.

At AXA Group Operations, we want to be recognized in three fields of action :

What We Offer

We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we’re committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.