Information Security Expert

Context

The Security Consultant plays an integral role in defining and assessing security requirements, security strategy and practices for Group Security and AXA global projects and clients. The security consultant will be required to effectively translate business objectives and risk management strategies into specific security requirements and processes enabled by security technologies and services.

The role will involve communicating regularly with key stakeholders globally in the AXA business. This role will report into the Information Security Executive Manager of Information Security team within Group Security.

The Role

• Develop and maintain a security requirement gathering and maintenance process that is clearly aligned with business, technology and threat drivers
• Develop and maintain security artefacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
• Act as an advisor and authority on security requirements
• Contribute at ideation and design project phases from a Group Security perspective for global projects and programmes
• Ensure security requirements are taken into account in the architecture design
• Participate in key projects in order to independently provide security requirements, assess the risks and ensure appropriate risk mitigation has been taken
• Responsibility for providing input to the audit closure issues
• Work closely with Technology Office, Internal Audit, Risk Management, Information Security Assurance teams in Group Security and other global stakeholders to maintain compliance to Group Security, regulatory and industry requirements
• Liaison with AXA information protection stakeholders to progress internal risk and security sign-off
• Support the development of security technology innovation roadmap
• Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and security artefacts developed for AXA
• Validate cloud infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
• Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics
• Liaise with other security teams and security practitioners to share best practices and insights
• Provision of assessment reports to the management team with clearly documented findings, recommendations and agreed management action plans
• Provide subject matter expertise on policy, standards and processes for Information Security
• Providing deep technical knowledge as well as ensuring a repository for this knowledge is built and maintained
• Documentation creation and review
• Role model for other staff, demonstrating effective governance arrangements are maintained

Candidate Profil

Must-have skills

• Proven experience creating and maintaining security requirements for medium to large enterprise
• Experience of modern application security practices like DevSecOps
• Experience in using architecture methodologies such as SABSA and TOGAF
• Good experience and technical understanding of Public and Private Cloud technologies such as AWS, Azure, Google Cloud Platform (GCP) and VMware
• Core security capabilities in the cloud focus on native tooling in IaaS, PaaS and SaaS as well as capabilities like cloud access security brokers (CASBs), cloud workload protection platforms (CWPP) and cloud security posture management (CSPM)
• Proven experience the following:
  • Cloud Security: Protect IaaS, PaaS and SaaS with native security features along with third-party security solutions and cloud risk management
  • Infrastructure Security: Protect infrastructure, including secure email gateways, secure web gateways, and other collaboration tools and web security technologies
  • Network Security: Keep pace with hybrid cloud architectures with modern network firewalls and technologies like zero trust architecture, microsegmentation, network access control, ZTNA, and NDR, and protect infrastructure from DDoS attacks
  • Act as Encryption SME for relevant IT and security functions
• Familiarity with compliance & security standards across the enterprise IT landscape
• Strong understanding of enterprise risk management methods and techniques to drive successful outcomes in a federated environment
• Experience of working with internal teams and partners to translate business needs into security requirements
• Experience of assessing the risk profile of software solutions, understanding how these have evolved with modern, agile development and deployment practices
• Experience / knowledge of Information Security accreditations with a cloud-focus such as NIST Cyber Security Framework, ISO 27017/18, CSA Star and ISO27001
• Excellent verbal and written communication skills
• Possess strong leadership skills with experience of shaping, motivating and driving change
• Strong influencing and negotiation skills
• Engages in order to drive the right commercial and technological outcome
• Ability to build credibility with peers and customer

Preferred Skills

• Experience and working knowledge of the methodologies to conduct threat-modelling exercises on new applications and services.
• Experience of security assessments applications and infrastructure into public cloud services.
• Strong and demonstrated team working experience
• Persuasive power to communicate with a variety of stakeholders in the organization
• Creative problem-solving ability, working in ambiguous situations
• Entrepreneurial & pragmatic mind-set
• Experience delivering pragmatic security requirements aligned to varying degrees of risk appetites
• Comfortable with frequent, incremental testing and deployment (Agile methodologies)
• A strong focus on business outcomes
• Comfort with collaboration, open communication and reaching across functional borders
• Strong educational background with a degree preferably in Computer Science or related
• Have superior planning and organization skills so as to work with a high-performance team, handle demanding clients and multitask effectively
• High degree of personal motivation and ability to self-manage
• Experience building enterprise security strategy for cloud adoption or driving the program's evolution to meet new requirements

Preferred Qualifications

• CISSP, CISM, CCSP
• CCP, SANS - GIAC
• TOGAF or SABSA Certification
• AWS/Azure/GCP Solutions Architect
• Microsoft Certification (MCM or MCA)
• VMWare Cloud Hosting (VCP or Higher)
• Networking Certification (CCNA or similar)

As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working with 105 million customers, we've created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values, and together we're nurturing a culture of
respect, for each other, for our customers and the communities around us. Join AXA and you'll feel like you belong, are included and can thrive. You'll be able to shape the way you work and truly grow your potential as you seek out new opportunities, push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.

AXA is becoming a sustainable tech-led company and at AXA Group Operations we are one of the major catalysts for this transformation.

We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution.

We are present across 17 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary.

At AXA Group Operations, we want to be recognized in three fields of action:

• State-of-the-art Data Technology to drive customer experience
• State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks
• High-Performing Global Team for stronger partnerships with AXA entities

We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we're committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.