Security Assurance Executive Manager

We live in an environment where social unrest, terrorism, disruptive technologies, unpredictable natural disasters, cyber risk and misuse of information are a reality. As a consequence, the decision of our customers to partner with an organization is going to be based on whether they trust that organization to keep them safe and secure. Our role as Group Security is to monitor the security threats landscape, analyze and anticipate their impact on AXA Group, identify vulnerabilities and associated risks, define and oversee implementation of Group-wide security strategy, standards, instructions and security awareness & training campaigns.Vision: Group Security #assures that AXA is #trusted to be #safe, #secure and #resilient. This is accomplished through;Protect: to provide industry leading security to assure our people, customers and stakeholders that AXA protects them and their information.Support: to create an environment where security is embedded in everything we do.Innovate: to accelerate and support the delivery of innovations, to enable AXA’s future growth plans.Enable: to ensure we have the right people, processes, technologies and governance to drive the execution of AXA’s security ambitions.Note that security includes Information Security, Operational Resilience, Physical Security and Health and Safety.PRESENTATION OF GROUP SECURITYWe live in an environment where social unrest, terrorism, disruptive technologies, unpredictable natural disasters, cyber risk and misuse of information are a reality. As a consequence, the decision of our customers to partner with an organization is going to be based on whether they trust that organization to keep them safe and secure. Our role as Group Security is to monitor the security threats landscape, analyze and anticipate their impact on AXA Group, identify vulnerabilities and associated risks, define and oversee implementation of Group-wide security strategy, standards, instructions and security awareness & training campaigns.Vision: Group Security #assures that AXA is #trusted to be #safe, #secure and #resilient. This is accomplished through;Protect: to provide industry leading security to assure our people, customers and stakeholders that AXA protects them and their information.Support: to create an environment where security is embedded in everything we do.Innovate: to accelerate and support the delivery of innovations, to enable AXA’s future growth plans.Enable: to ensure we have the right people, processes, technologies and governance to drive the execution of AXA’s security ambitions.Note that security includes Information Security, Operational Resilience, Physical Security and Health and Safety.POSITION MISSION & MAIN ACTIVITIESJob PurposeAs a second line of controls, measure and report on compliance with Security standards & instructions.Lead Assurance activities to ensure compliance with AXA Group standards & instructions, Industry ISO standard, and internal controls. Manage the delivery of Compliance assurance.Direct and oversee the team conducting gap analyses with instructions and standards, Industry ISO standard, internal controls and provide recommendations and drive implementation.Lead, manage, and coordinate reporting, investigations and tracking of deviation identified during control assurance assessment.Lead the definition of the Group ISO 27000 assessment strategy and approach to ensure continuous measurement and improvement in the entities.Direct and oversee ISO 27000 program and support the entities in raising their security maturity levels through consultation, assessment and consulting.Lead and direct the development, implementation and embed fit for purpose Integrated assurance management systems which meet the requirements of ISO27000 and other relevant standards.Direct and oversee formal ISO 27000 certification consulting and preparation to entities pursuing the certification.The post holder will be responsible for leading a program of Governance and assurance activities across the AXA Group supporting the implementation of a cohesive QA strategy assisting entities to develop their governance and assurance strategies.Lead the program to verify AXA Group’s entities adherence with Security Instructions and Group expectations by verifying general security control assurance.Coordinate the verification of the accuracy of the reporting & Self-assessment provided by the entities to the Group through sample-based general security control testing.Provide guidance and oversight into security consulting assurance activities.Provide leadership of a team of competent and highly qualified security management specialists who in turn will provide competent advice and leading solutions into the operational business.Main ActivitiesEstablish and monitor the set up and industrialization of Quality Assurance and Testing services across all group services.Provide oversight, lead and manage the establishment of Security Assurance processes and procedures and roll out to across the Group, acquisitions and vendors.Provide competent, strategic governance and assurance security management advice to AXA Group, establishing suitable and appropriate policy, process and security management solutions ensuring that the business meets its Security obligations.Lead and oversee all assurance testing activities, the assurance testing teams and work with other Assurance-related stakeholders.Lead and manage the Global Assurance Center providing assurance testing capabilities to the entities.Lead, manage and guide the team performing analysis of functional specifications for completeness and to identify testing requirements.Direct and oversee relevant aspects of testing, assurance, release management and environment management.Embed Information Security Quality Assurance and Testing within a wide variety of projects.Lead the development, deployment and maintenance of a Security assurance testing framework and documentation to improve proficiency and quality.Lead, manage and define ISO 27000 scope and coordinate independent and entity self-assessments across AXA Group with the view of internalizing independent assessments.Lead assessment, analyzing and interpretation of ISO results (independent and self-assessments), to identify AXA Group wide security maturity improvement opportunities.Lead, manage and provide oversight on activities around entity preparation for independent ISO 27000 audits. (Opening meetings, QA, consultation, assessment and audit defense.)Lead and oversee the initiative to maintain, implement and distribute the AXA Maturity Model group wide and consult with entities to assist with implementation and security maturity measurement activities.Direct and oversee development, implementation, maintenance of an effective ISO27000 training program to enable AXA Group to effectively measure security maturity in line with the AXA maturity model.Direct and oversee preparation for ISO 27000 certification through management consulting and advice, and pre-certification assessments in line with the ISO 27000 standards.Direct and oversee sample based secondary assurance on CSA, DLP and MTSB. Liaise with entities to source evidence, review and provide opinion on control effectiveness and design.Lead the Assurance team’s performance and ensure service delivery is in accordance with the Group Security strategy to coordinate the process and procedures in order to achieve best working practices and demonstrate continuous improvement.To assist and develop succession plans, continuously motivating teams by coaching, assessing, developing and maximizing individual potential.Recruiting, developing and maintaining a highly experienced team to support assurance activities.Direct and oversee reporting and information distribution in a variety of formats for both internal and external role players on issues relating to assurance activities.PROFILE, SKILLS & COMPETENCIESProfileAbility to function effectively in a matrix structure.Operate comfortably at Executive level.Strong facilitation, negotiation and conflict resolution skills.Strong networking skills.Team player.Apply analytical rigor to understand complex business scenarios.Fluent in English.Culturally aware.Skills & CompetenciesTechnical Knowledge:Assurance Methodologies.Physical Security.Health & Safety.Operational Resilience.Information Security.ISO 27000.Audit framework and methodology.Operational Risk framework and methodology.Leadership:Creates an environment for developing and fostering leadership excellence.Effectively communicates the group vision and goals and the benefits in achieving the same.Recognizes potential leaders and provides them with challenging assignments/stretch goals.Takes calculated risks in decision-making and seeks input from the team /stakeholders for the same.Can effectively mentor others to acquire these competences.Strategic Thinking:Articulates a vision, develops organizational goals and strategies.Maintains a wider perspective, aligns actions and contributes to the enhancement of the overall organizational strategy, including outputs from benchmarking activities and reviews.Understands and articulates the projected direction of the organization and how changes to it might impact the group.Is aware of trends in the external environment and key differentiators vis-a-vis competition and uses this information to anticipate how these changes would impact the organization.Recommend solutions relevant to the complexity, scope, risk and magnitude of the solving problem.Problem solving:Recommends solutions relevant to the complexity, scope, risk and magnitude of problem.Decision making:Advise on decisions regarding strategy, policy, and structures.Quick to assimilate and integrate new information for informed decision making.Monitor changes in the operating environment, quick to act upon potential opportunities.Able to quickly evaluate a situation or issue and take the initiative within limits of authority.Transversal skills:Ability to work in a matrix environment & with senior executives.Strong multi-cultural understanding and application.Ability to build collaborative relationships with both internal customers and program/project stakeholders.Facilitation, negotiation and influencing skills to achieve results in a matrix management environment.Problem solving, strong analytical skills.Ability to drive global results while remaining sensitive to local environments and cultural issues.Ability to implement processes, resources and objectives which support both short and long-term goals.Sense of urgency and efforts redirection if necessary to maintain sound time-management of programs and projects.Decision making and ability to work independently in a complex environment.Information collection and analysis.Effective program management through the Group Operations values.Excellent communication skills.High degree of work ethics and professionalism; leads by example.Fluent in English.Qualifications:University graduate with a degree in Business, IT or a related subject.A post-graduate degree in Information Security, Operational Resilience or Physical Security is preferred.Security industry certification (CISSP, CISM, CGEIT, CISA, CRISC, GIAC or equivalent, MBCI, DRII…).Experience with technologies, tools and process controls to minimize risk and data exposure > 10 years.Experience with ISO 27000 > 10 years.Experience with vulnerability analysis tools >10 years.Experience of working with specific Security Controls and Vulnerability Databases > 5 years.Experience in network and/or firewall engineering, administration, design and implementation including experience in applying methodologies and principles for all levels of Information Security > 5 years.Experience in Audit – general controls review > 5 years.
#J-18808-Ljbffr