Job purpose
- Collaborate with and support Group Security and other stakeholders as necessary to ensure that security (Information Security, Operational Resilience and Physical Security) within the local entity is relevant, cost-effective and is delivered in accordance with the Group Security Strategy
- Serve as an expert advisor to the entity leadership team in the implementation and maintenance of security
- Ensure local compliance with the security standards, instructions and strategic initiatives
- Adapt the global security strategy to the entity (taking into consideration the local regulation and specificities), define the concrete actions leading to its execution and monitor achievement
- Ensure the achievement of the security targets in the entity, as set by Group Security
- Identify and analyze security risks, recommend appropriate mitigation options and document all components in clear, business-intelligible language
- Maintain an understanding of emerging technology, risks and industry trends. Assess the impact on the business environment and recommend appropriate mitigation actions or the prioritization of projects and investments
- Escalate the need to redirect investment or change practices to mitigate critical risks and ensure legal, regulatory or commercial compliance
- Implement continuous improvement processes and activities (e.g. good practices, reporting, problem resolution) to ensure quality and relevance of security services
- Monitor and maintain system confidentiality, integrity and availability and manage security incidents (analysis, tracking and communications)
- Undertake assurance to validate the effectiveness of the local security activities and controls
- Promote a culture of security and raise awareness
- Oversee the execution of security projects
- Ensure development and maintenance of auditable processes to enforce consistency within the local entity
- Identify and implement coordinated responses to security audit and compliance issues
- Develop, track and control the local security budgets (required to invest, build and run security) in agreement with the CXO and the Corporate CSO
Qualifications
Education
- A university degree in security or a related field (risk management, audit, international relations, information security…)
- A post-graduate degree in security or general management (such as an MBA) is an advantage but not essential
List of preferred certifications
- Information Security and/or Information Technology industry certification (CISSP-ISSAP, CISM, ISO 27001 Lead Auditor, GIAC or equivalent)
- Business Continuity Industry certification (MBCI, DRII…)
- Physical security / Health and Safety certification (CPP, PSP, BTEC, IOSH…)
Overall work experience in the field
- Experience in security, risk management, audit or related area: 7 to 10 years
- Leadership/ management experience: 3 to 5 years
- Previous experience in an international team preferred
- Previous experience as interim or acting Chief Information Security Officer, Physical Security Officer, Operational Resilience Officer, Business Continuity Officer in an international organization
Skills / abilities
- Ability to effectively negotiate a decentralized and political corporate environment
- Strong networking skills
- Team player
- Ability to apply analytical rigour to understand complex business scenarios
- Fluent in English (Local language and French are an advantage)
At AXA we value diversity, and we work for equal opportunities and to ensure that everyone feels respected and included.