Security Risk Assessor

**Security Risk Assessor** **(**220007PH**)** **PRIMARY LOCATION**: SPAIN-COMMUNITY OF MADRID-MADRID **OTHER LOCATIONS**: SPAIN-CATALONIA-BARCELONA **ORGANIZATION**: Group Operations **CONTRACT TYPE**: Regular SCHEDULE**: Full-time **DESCRIPTION** **JOB ENVIRONMENT**: **Our mission at AXA is to empower people to live a better life. We have to move from a perceived payer of claims to a strong partner in life for our customers. Thus, our role as Group Operations must be to support and to empower all AXA teams in the best way to achieve together this meaningful aspiration.**: **The most powerful levers to achieve this can be summarized as Innovation and Execution, and will drive all Operations teams**: - **Innovation**:To create and provide solutions for the needs of our current and future the prerequisites and opportunities for all AXA teams to develop leading innovative customers - **Execution**: To create an environment which allows our teams all over the world to bring their ideas to reality and make our strong promise to the customers happen **Our concrete goals are**: - Reinforce and realize our value creation for the global AXA organization; - Support and foster innovation across AXA in a close alignment and teaming with Group Business Innovation; - Embed simplicity and empowerment in our day to day working as well as ensure that we powerfully contribute to AXA’s mission and strategy. Within Group Operations, **Group Security**: - Defines AXA’s information security standards and instructions and overseeing their implementation across the Group - Drives information security risk management (e.g. identification, evaluation, mitigation and monitoring) - Provides information security expertise to the entities - Defines the Security strategy for AXA and identify security threats - Defines AXA’s operational resilience standards and instructions and overseeing their implementation across the Group - Defines, develops and oversees Group crisis management exercises - Defines AXA’s physical security and safety standards and instructions, and oversees their implementation across the Group - Ensures the alignment of security objectives with the local CEOs and support their achievements. - Supports the entities of the Group to deliver their security activities. **POSITION MAIN ACTIVITIES**: The key responsibilities of the **Security Risk Assessor **are: - Conduct security risk assessment, of assets already in production, using tools to capture and record security risks - Collaborate with Security Analysts and engage with AXA GO Operational teams to walkthrough the results of the security risk assessment and seek mitigation action plans with timelines for each of security risks. - Conduct regular review meetings with security risk owners, and Product Security Officers, to get status update on remediation actions. - Produce security risk reports with an updated status on remediation actions, and publish them to Information Security Executive Manager, Product Security Officers and all key AXA Group Operations stakeholders. - Escalate to Product Security Officers on remediation actions plans if security risk owners have missed agreed timelines, and also if actions have not progressed beyond a reasonable time frame. - Get final sign off from Product Security Officers before closing a security risk - Document, & archive, all closed risks. **Key stakeholders**: - **Internal actors**:Expected to interact with other AXA Group Operations teams, & AXA Group security teams - **External actors**: Expected to interact with external service providers, vendors, officials, pears and professional clubs **QUALIFICATIONS** **PROFILE, SKILLS & COMPETENCIES**: **Education & certification**: - **Bachelor degree in Computer Science, Engineering, or related field.**: - **An MSc Information Security would be desirable but is not essential**: - **ISO 27005 Risk Management, ISACA CRISC certification strongly preferred**: - **Information Security and/or Information Technology industry certification (ISC2 CISSP, ISACA CISA or equivalent) strongly preferred**: - Project management certification (Prince 2, PMP,) preferred but not required **Overall work experience in the field** - Experience in information security > 5 years - Experience in information security architecture > 3 years - Experienced in developing security assurance plans - Experience in delivering messages to Project Managers and business audiences **Skills / abilities** - Cross cultural sensitivity, flexibility - Good interpersonal and communication skills, works effectively as a team player - Ability to function effectively in a matrix structure - Good analytical skills - Good writing skills - Fluent in English **ABOUT AXA** As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working with 105 million customers, we’ve created a truly dynamic and vibrant community. Inc