Aws Security Expert

**AWS Security Expert** **(**2200086Q**)**

**PRIMARY LOCATION**: SPAIN-COMMUNITY OF MADRID-MADRID

**OTHER LOCATIONS**: SPAIN-CATALONIA-BARCELONA

**ORGANIZATION**: Group Operations

**CONTRACT TYPE**: Regular

SCHEDULE**: Full-time

**DESCRIPTION**

**PRESENTATION OF THE CONTEXT AND AXA GROUP SECURITY**

Throughout AXA, the security community represents 1000 security professionals, working daily to protect our employees, customers, operations and brand. Our operating model gathers the three security disciplines Information Security, Operational Resilience and Physical Security & Safety. Our security mission is to ensure that AXA is safe, secure and resilient.

AXA Group Security, as part of AXA GO, defines the security strategy, standards and provides assurance to the Group on the security maturity of all entities across AXA. In its role, it also supports our professional family in entities in maintaining their security posture and respond and coordinate responses to crisis.

This is accomplished through four strategic levers:

- **Safe**: It is about our people, have them ready to face security challenges including third parties, health professionals
- **Secure**: Secure the business of today and tomorrow, by increasing security effectiveness on a risk-based approach for all entities.
- **Resilient**: Enhance anticipation, detection and reaction capabilities in case of events & Security by design
- **Simple**: Simplify, converge and automate our services and activities

The team contribute to define security requirements, design, and support the build of Cloud compliance, security Policies, animate the governance and follow up all remediation activities.

The team oversees:

- AWS

**Our missions are to**:

- Define security requirements, roles, controls, policies.
- Define Cloud Platform Security Assurance Plan for Build & Run (checklists: Implementation Guidelines, Processes, Counter-Measures & compliance, Testing Plan, KRI/KPI)
- Define PAAS Component/Service Security Assurance Plan for Build & Run (checklists: Implementation Guidelines, Processes, Counter-Measures & compliance, Testing Plan, KRI/KPI)
- Define Security and Compliance Reporting Principles & Requirements.
- Define Cloud Platform Reference Security Architecture & Security for the Platform/Product.

**Our goals are to**:

- Assess AWS security in projects (Design, controls )
- Assess monthly the Public Cloud using the « Continuous Security Assurance & Remediation Plan » consolidated results.
- Build management action plans to answer audit issues.
- Report the overall level of Security of the Cloud Products
- Organize the Public Cloud Security Remediation Governance (define priority) at Run Time: gaps & remediations (Audit, vulnerabilities, compliance, threats).
- Consolidate and present Control Tower Dashboard to report the overall security.
- Organize Cloud Security awareness and Skills management of GO employees and contractors.
- Maintain and update the Cloud Security TOM/RACI.

**POSITION MAIN ACTIVITIES**:

- Contribute to the security design and support the build of Cloud compliance and security Policies.
- Ensure assurance and effectiveness of the controls implemented and lead the testing activities if needed
- Build reporting as to support the monitoring and oversight of the Cloud services
- Ensure Public Cloud is properly secured using policies and mechanisms defined and in place to comply with the Group security instructions requirements.
- Lead the local implementation of the Target Operating Model for Cloud security services
- Coordinate remediation plans and their progress with the relevant stakeholders (Cloud brokers, product owners )
- Act as a key advisor to the cloud product team (e.g., information risk management, cybersecurity, information, security control, monitoring, information privacy, operations, identity access management, security architecture, forensics.)
- Support and assist Global Cloud Programs to identify all security deficiencies and propose technical solutions to strengthen security.
- Build testing plans and drive the follow up of all the remediations.
- Act as a key security contact at the local entity to drive security in terms of assessment, risk appetite, report, and promotion in an entity to advise and challenge businesses
- Contribute to the development of the security shared services and ensure implementation of the shared services within the local entity
- Ensure cloud strategy is aligned with the security standards of Group security, cyber security team, SOC, and entity security.
- Identify risks where security requirements cannot be fully addressed in the timeframe of a project
- Detect and react to security related incidents and audit issues across cloud platforms
- Ensure new cloud products and features are secure by design
- Take initiative to enhance and optimize where possible

**Team structure**: It is a team of *7* persons FTE

1 Security compliance SME

1 CSPM Expert

1 AZURE Security