ALTERNANCE - Security Analyst

Job purpose

• Manage relationship with Chief Information Security Officers and OpCos security consultants
• Be the main point of Contact for OpCos to AXA GO Cyberdefense Operations Security
• Contribute to preparation and attend monthly steering committees with OpCo’s Head of Security and/or CISO
• Contribute to providing evidence coming from internal/external requirements
• Cascade group security standards to OpCo’s head of security
• Contributes to vulnerability and compliance management
• Be the man in the middle between entities and GO technical/product teams

Key responsibilities – accountabilities

Description

Compliance management:

• Collaborate with the Local Cyberdefense Operations Security Manager in the design of appropriate metrics for reporting on key performance and quality indicators
• Ensure the availability with the products teams of the reporting, contribute to the developing material for presentations to explain to entities the status of each metric in terms of compliance
• Steer and/or contribute to any necessary remediation plan allowing AXA Group Operations to reach the compliance target on all assets under its responsibility
• Contributes to security governance with entities in sharing C level dashboards allowing CSOs to have a clear knowledge of the current situation, remediation plans status related to actions driven by GO.
• Contributes with their counterparts in the others Operations Security teams spread around the world to the development of a transversal Compliance management offering.

Vulnerability Management

• Collaborate with the Local Cyberdefense Operations Security Manager in the design of appropriate metrics for reporting on key performance and quality indicators
• Ensure the availability with the product teams of the reporting, contribute to the developing material for presentations to explain to entities the status of vulnerabilities on both servers and workstations and risks linked to them
• Steer and/or contribute to any necessary remediation plan allowing AXA Group Operations to reduce the risk linked to assets under its responsibility.
• Contributes to security governance with entities in sharing C level dashboards allowing CSOs to have a clear knowledge of the current situation, remediation plans status related to actions driven by GO.
• Ease the delivery of any needed remediation plan aiming at reducing our exposure to a risk due to vulnerabilities in challenging Group Operations teams, alerting on risk increase and providing a clear reporting.

Contribution to Audits and regulator expectations

• Be accountable to providing on time to entities the expected evidence allowing them to avoid being overdue for all assets managed by Group Operations
• Ensure the collection, formatting and provisioning of evidence for all regulatory controls where Cyberdefense is involved as control owner.
• Contribute to providing any required evidence related to Group Operations managed assets to be provided to any external/internal auditor or regulator

Data leakage management

• Manage the process for handling data leaks, from notification to incident closure
• Ensure in relation with procurement, HR and external providers the writing of any mandatory document needed for the regulatory tracking of the incident
• Steer any needed investigation allowing Group Operations to have a full knowledge of the exfiltrated data and exfiltration channels
• Contributes to the detection methods improvement leveraging the knowledge gained during previous incidents

Security incident management

• Contributes to the governance of the security incident service provided by our internal supplier in Morocco
• Provide help and advice to improve the delivery of the service
• Steer or contribute to continuous improvement