Security Assurance Executive Manager

PRESENTATION OF GROUP SECURITY We live in an environment where social unrest, terrorism, disruptive technologies, unpredictable natural disasters, cyber risk and misuse of information are a reality. As a consequence, the decision of our customers to partner with an organization is going to be based on whether they trust that organization to keep them safe and secure. Our role as Group Security is to monitor the security threats landscape, analyze and anticipate their impact on AXA Group, identify vulnerabilities and associated risks, define and oversee implementation of Group-wide security strategy, standards, instructions and security awareness & training campaigns.

Vision: Group Security #assures that AXA is #trusted to be #safe, #secure and #resilient. This is accomplished through:

Protect: to provide industry leading security to assure our people, customers and stakeholders that AXA protects them and their information. Support: to create an environment where security is embedded in everything we do. Innovate: to accelerate and support the delivery of innovations, to enable AXA's future growth plans. Enable: to ensure we have the right people, processes, technologies and governance to drive the execution of AXA's security ambitions. Note that security includes Information Security, Operational Resilience, Physical Security and Health and Safety.

POSITION MISSION & MAIN ACTIVITIES Job Purpose As a second line of controls, measure and report on compliance with Security standards & instructions. Lead Assurance activities to ensure compliance with AXA Group standards & instructions, Industry ISO standard, and internal controls. Manage the delivery of Compliance assurance. Direct and oversee the team conducting gap analyses with instructions and standards, Industry ISO standard, internal controls and provide recommendations and drive implementation. Lead, manage, and coordinate reporting, investigations and tracking of deviation identified during control assurance assessment. Lead the definition of the Group ISO 27000 assessment strategy and approach to ensure continuous measurement and improvement in the entities. Direct and oversee ISO 27000 program and support the entities in raising their security maturity levels through consultation, assessment and consulting. Lead and direct the development, implementation and embed fit for purpose Integrated assurance management systems which meet the requirements of ISO27000 and other relevant standards. Direct and oversee formal ISO 27000 certification consulting and preparation to entities pursuing the certification. The post holder will be responsible for leading a program of Governance and assurance activities across the AXA Group supporting the implementation of a cohesive QA strategy assisting entities to develop their governance and assurance strategies. Lead the program to verify AXA Group's entities adherence with Security Instructions and Group expectations by verifying general security control assurance. Coordinate the verification of the accuracy of the reporting & Self-assessment provided by the entities to the Group through sample-based general security control testing. Provide guidance and oversight into security consulting assurance activities. Provide leadership of a team of competent and highly qualified security management specialists who in turn will provide competent advice and leading solutions into the operational business. Main Activities Establish and monitor the set up and industrialization of Quality Assurance and Testing services across all group services. Provide oversight, lead and manage the establishment of Security Assurance processes and procedures and roll out to across the Group, acquisitions and vendors. Provide competent, strategic governance and assurance security management advice to AXA Group, establishing suitable and appropriate policy, process and security management solutions ensuring that the business meets its Security obligations. Lead and oversee all assurance testing activities, the assurance testing teams and work with other Assurance-related stakeholders. Lead and manage the Global Assurance Center providing assurance testing capabilities to the entities. Lead, manage and guide the team performing analysis of functional specifications for completeness and to identify testing requirements. Direct and oversee relevant aspects of testing, assurance, release management and environment management. Embed Information Security Quality Assurance and Testing within a wide variety of projects. Lead the development, deployment and maintenance of a Security assurance testing framework and documentation to improve proficiency and quality. Lead, manage and define ISO 27000 scope and coordinate independent and entity self-assessments across AXA Group with the view of internalizing independent assessments. Lead assessment, analyzing and interpretation of ISO results (independent and self-assessments), to identify AXA Group wide security maturity improvement opportunities. Lead, manage and provide oversight on activities around entity preparation for independent ISO 27000 audits. (Opening meetings, QA, consultation, assessment and audit defense.)

Lead and oversee the initiative to maintain, implement and distribute the AXA Maturity Model group wide and consult with entities to assist with implementation and security maturity measurement activities. Direct and oversee development, implementation, maintenance of an effective ISO27000 training program to enable AXA Group to effectively measure security maturity in line with the AXA maturity model. Direct and oversee preparation for ISO 27000 certification through management consulting and advice, and pre-certification assessments in line with the ISO 27000 standards. Direct and oversee sample based secondary assurance on CSA, DLP and MTSB. Liaise with entities to source evidence, review and provide opinion on control effectiveness and design.

Lead the Assurance team's performance and ensure service delivery is in accordance with the Group Security strategy to coordinate the process and procedures in order to achieve best working practices and demonstrate continuous improvement. To assist and develop succession plans, continuously motivating teams by coaching, assessing, developing and maximizing individual potential. Recruiting, developing and maintaining a highly experienced team to support assurance activities. Direct and oversee reporting and information distribution in a variety of formats for both internal and external role players on issues relating to assurance activities. Your Profile PROFILE, SKILLS & COMPETENCIES Profile Ability to function effectively in a matrix structure. Operate comfortably at Executive level. Strong facilitation, negotiation and conflict resolution skills. Strong networking skills. Team player. Apply analytical rigor to understand complex business scenarios. Fluent in English. Culturally aware. Skills & Competencies Technical Knowledge: Assurance Methodologies. Physical Security. Health & Safety. Operational Resilience. Information Security. ISO 27000. Audit framework and methodology. Operational Risk framework and methodology. Leadership Creates an environment for developing and fostering leadership excellence. Effectively communicates the group vision and goals and the benefits in achieving the same. Recognizes potential leaders and provides them with challenging assignments/stretch goals. Takes calculated risks in decision-making and seeks input from the team/stakeholders for the same. Can effectively mentor others to acquire these competences. Strategic Thinking Articulates a vision, develops organizational goals and strategies. Maintains a wider perspective, aligns actions and contributes to the enhancement of the overall organizational strategy, including outputs from benchmarking activities and reviews. Understands and articulates the projected direction of the organization and how changes to it might impact the group. Is aware of trends in the external environment and key differentiators vis-a-vis competition and uses this information to anticipate how these changes would impact the organization. Recommend solutions relevant to the complexity, scope, risk and magnitude of the solving problem. Problem Solving Recommends solutions relevant to the complexity, scope, risk and magnitude of problem. Decision Making Advise on decisions regarding strategy, policy, and structures. Quick to assimilate and integrate new information for informed decision making. Monitor changes in the operating environment, quick to act upon potential opportunities. Able to quickly evaluate a situation or issue and take the initiative within limits of authority. Transversal Skills: Ability to work in a matrix environment & with senior executives. Strong multi-cultural understanding and application. Ability to build collaborative relationships with both internal customers and program/project stakeholders. Facilitation, negotiation and influencing skills to achieve results in a matrix management environment. Problem solving, strong analytical skills. Ability to drive global results while remaining sensitive to local environments and cultural issues. Ability to implement processes, resources and objectives which support both short and long-term goals. Sense of urgency and efforts redirection if necessary to maintain sound time-management of programs and projects. Decision making and ability to work independently in a complex environment. Information collection and analysis. Effective program management through the Group Operations values. Excellent communication skills. High degree of work ethics and professionalism; leads by example. Fluent in English. Qualifications University graduate with a degree in Business, IT or a related subject. A post-graduate degree in Information Security, Operational Resilience or Physical Security is preferred. Security industry certification (CISSP, CISM, CGEIT, CISA, CRISC, GIAC or equivalent, MBCI, DRII…). Experience with technologies, tools and process controls to minimize risk and data exposure > 10 years. Experience with ISO 27000 > 10 years. Experience with vulnerability analysis tools >10 years. Experience of working with specific Security Controls and Vulnerability Databases > 5 years. Experience in network and/or firewall engineering, administration, design and implementation including experience in applying methodologies and principles for all levels of Information Security > 5 years. Experience in Audit – general controls review > 5 years. About AXA As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working with 105 million customers, we've created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values, and together we're nurturing a culture of respect, for each other, for our customers and the communities around us. Join AXA and you'll feel like you belong, are included and can thrive. You'll be able to shape the way you work and truly grow your potential as you seek out new opportunities, push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.

About the Entity AXA is becoming a sustainable tech-led company and at AXA Group Operations we are one of the major catalysts for this transformation. We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution. We are present across 17 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary.

At AXA Group Operations, we want to be recognized in three fields of action:

State-of-the-art Data Technology to drive customer experience. State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks. High-Performing Global Team for stronger partnerships with AXA entities. What We Offer We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we're committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.



#J-18808-Ljbffr