Security Operations Specialist

Company statement

With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio. As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. AXA is setting-up a Group Information Security practice in order to reinforce its short-term risk reduction strategy, aligned with AXA strategy & culture and based on the industry standards.

Business unit statement

To support our business strategy and digital transformation, AXA built a Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business. Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’

Job purpose

ü Manage relationship with Chief Information Security Officers and OpCos security consultant

ü Be the main point of Contact for OpCos to AXA GO Cyberdefense Operations Security

ü Contribute to preparation and attend monthly steering committees with OpCo’s Head of Security and/or CISO

ü Contribute to providing evidence coming from internal/external requirements

ü Cascade group security standards to OpCo’s head of security

Key responsibilities – accountabilities

Compliance management:

 Collaborate with the Local Cyberdefense Operations Security Manager in the design of appropriate metrics for reporting on key performance and quality indicators

 Ensure the availability with the products teams of the reporting, contribute to the developing material for presentations to explain to entities the status of each metric in terms of compliance

 Steer and/or contribute to any necessary remediation plan allowing AXA Group Operations to reach the compliance target on all assets under its responsibility

 Contributes to security governance with entities in sharing C level dashboards allowing CSOs to have a clear knowledge of the current situation, remediation plans status related to actions driven by GO.

 Contributes with their counterparts in the others Operations Security teams spread around the world to the development of a transversal Compliance management offering.

Vulnerability Management

 Collaborate with the Local Cyberdefense Operations Security Manager in the design of appropriate metrics for reporting on key performance and quality indicators

 Ensure the availability with the product teams of the reporting, contribute to the developing material for presentations to explain to entities the status of vulnerabilities on both servers and workstations and risks linked to them

 Steer and/or contribute to any necessary remediation plan allowing AXA Group Operations to reduce the risk linked to assets under its responsibility.

 Contributes to security governance with entities in sharing C level dashboards allowing CSOs to have a clear knowledge of the current situation, remediation plans status related to actions driven by GO.

 Ease the delivery of any needed remediation plan aiming at reducing our exposure to a risk due to vulnerabilities in challenging Group Operations teams, alerting on risk increase and providing a clear reporting.

Contribution to Audits and regulator expectations

 Be accountable to providing on time to entities the expected evidence allowing them to avoid being overdue for all assets managed by Group Operations

 Ensure the collection, formatting and provisioning of evidence for all regulatory controls where Cyberdefense is involved as control owner.

 Contribute to providing any required evidence related to Group Operations managed assets to be provided to any external/internal auditor or regulator

Data leakage management

 Manage the process for handling data leaks, from notification to incident closure

 Ensure in relation with procurement, HR and external providers the writing of any mandatory document needed for the regulatory tracking of the incident

 Steer any needed investigation allowing Group Operations to have a full knowledge of the exfiltrated data and exfiltration channels

 Contributes to the detection methods improvement leveraging the knowledge gained during previous incidents

Security incident management

 Contributes to the governance of the security incident service provided by our internal supplier in Morocco

 Provide help and advice to improve the delivery of the service

 Steer or contribute to continuous improvement

Qualifications

Education

ü Bachelor degree in Computer Science, Engineering, or related field.

ü An MSc Information Security would be desirable but is not essential

Certification

ü Information Security and/or Information Technology industry certification (CISSP, CISA, CISM, GIAC or equivalent)

ü ISO 27xxx certification (27001 Lead Implementer, or Lead Auditor or ISO 27005)

ü ITIL v3 certified to at least Foundation level

Overall work experience in the field

ü Working knowledge of ITIL Service Management concepts and processes, including : incident management, change management, problem management, service request management, configuration management > 2 years

ü Experience in a multi-national, shared services environment, including clear customer service and resolution of escalated issues > 3 years

ü Overall experience in Information Security > 3 years

ü Overall experience in reporting of security services > 3 years

Skills / abilities

1. ü Cross cultural sensitivity, flexibility
2. ü Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively
3. ü Good interpersonal and communication skills, works effectively as a team player
4. ü Ability to function effectively in a matrix structure
5. ü Good analytical skills
6. ü Fluent in English