Information Security Governance & Framework Officer (F/H)

  • Courbevoie (Hauts-de-Seine)
  • IT development

Job description



POSITION MISSION & MAIN ACTIVITIES

Job Purpose

· Works to ensure that Information Security risks and incidents/issues are identified and controlled.
· Support the development, review and maintenance of information security governance framework, standards & instructions in cooperation with other corporate risks functions
· Support implementation of the assurance strategy & overarching Assurance Approach - Primary vs. Secondary
· Support the implementation of information security governance framework globally via adherence to standards, instructions and internal controls.
· Help to develop a comprehensive view of information security landscape for the department, highlighting key risks, threats, and vulnerabilities impacting the organization (common areas of risk, control failures, etc.) and helps to articulate the risk landscape for senior management and risk committees
· Work with the Group Risk Management (GRM) to align Information Security strategy and frameworks with GRM information risk management frameworks (e.g. third party risk assessment, instructions & standards …)
· Support the evolution of information security within AXA, ensuring consistency with the Group Security Strategy.

Main Activities
· Support the design and maintenance of information security instructions and standards, and internal controls aligned to risks, threats and vulnerabilities.
· Help manage oversight forums with the Information Security Function Heads to monitor execution of Information Security Strategy and risk and control framework, monitor the remediation of high risk and control gaps, identify opportunities for improvements, and plan for future strategies and execution
· Identify global regulatory-driven security requirements
· Identify local regulatory-driven security requirements with local teams
· Collect measures and report on Compliance with Standards & Instructions
· Enforce against standards & instructions
· Review requests for exception & recommend to senior management & risks committee
· Support coordination and partner with the GRM and Cyber Defense department to ensure oversight of information risk management practices and framework are effectively implemented within the Information Security
· Support coordination reporting of Security Status from Operational teams
· Effectively support ISA reporting metrics, summarize high priority risk and control issues for the Senior Directors to increase transparency
· Document information security and governance activities and if required provide information to the “Audit, Compliance & Reporting and Management Information System” team
· Interact and manage key stakeholders, including local information security teams, Group security teams & Market CSOs, Group Security Executive Committee, Group Risk, Internal Audit, etc.
· Support and coordinate with AXA entities to adopt, adapt and implement information security instructions
· Identify changes in risk and threat landscape and recommend best practices to ensure continuous improvement in quality of Information Security Framework and Governance

Desired profile



Qualifications :

PROFILE, SKILLS & COMPETENCIES

Profile
·  Fluent in English. Outstanding oral and written communication skills with proven ability to develop and present concise information
·  Self-motivated and self-directed, able to thrive in a fast-paced, high-visibility work environment with Senior Directors
·  Experience interacting with Directors and all levels of management and leading large groups through materials
·  Able to solve complex problems with innovative solutions across Legal Entities, Country, Regional and Global matrix Organization
·  Proficiency in Microsoft suite of applications (Excel including Pivot Table knowledge, PowerPoint, Word, Microsoft Project), SharePoint working knowledge
·  Team player and ability to collaborate, influence and guide others


Skills & Competencies


Technical Knowledge:
·  Knowledgeable in Information Security Risk & controls framework
·  General knowledge of penetration testing and familiarity with the tools used in penetration testing (e.g. Black Duck, Fortify and Veracode)
·  Knowledgeable in Audit, Assurance, Regulatory & Review
·  Experience using reporting tools to produce assurance, risk and control data to key stakeholders

Program/Controls Oversight:

·  Assurance oversight experience with proven record of providing effective monitoring across multiple functions
·  Ability to prioritize among multiple initiatives
·  Ability to work with the internal team, business teams, control officers and other control stakeholders integrating information and clearly articulating impacts and solutions
·  Ability to correlate incoming information to solve problems

Communication competencies:
·  Ability to communicate appropriately with all levels of the organization and Senior Executives
·  Ability to identify the right communication vehicle tailored to the subject matter and the audience
·  Excellent interpersonal and communication skills (written and verbal)
·  Poise, ease with interactions with stakeholders
·  Ability to craft important updates to stakeholders clearly and concisely related to the ISA functions
·  Proven ability to present material to large audiences via conference calls using both speaking and listening skills to manage messages

Leadership
·  Creates an environment for developing and fostering leadership excellence
·  Effectively communicates the group vision and goals and the benefits in achieving the same
·  Recognizes potential leaders and provides them with challenging assignments/stretch goals
·  Takes calculated risks in decision-making and seeks inputs from the team/stakeholders for the same.
·  Can effectively mentor others to acquire this competency

Strategic Thinking

·  Articulates a vision, develops organizational goals and strategies
·  Maintains a wider perspective, aligns actions and contributes to the enhancement of the overall organizational strategy, including outputs from benchmarking activities and reviews
·  Understands and articulates the projected direction of the organization and how changes to it might impact the group
·  Is aware of trends in the external environment and key differentiators vis-à-vis competition and uses this information to anticipate how these changes would impact the organization
·  Recommends solutions relevant to the complexity, scope, risk and magnitude of the problem

Problem solving

·  Recommends solutions relevant to the complexity, scope, risk and magnitude of the problem

Decision making

·  Advises on decisions regarding strategy, policy, and structures
·  Quick to assimilate and integrate new information for informed decision making
·  Monitor changes in the operating environment, quick to act upon potential opportunities.
·  Able to quickly evaluate a situation or issue and take the initiative within limits of authority.

Transversal skills:

·  Ability to work in a matrix environment & with senior executives
·  Strong multi-cultural understanding and application
·  Ability to build collaborative relationships with both internal customers and program/project stakeholders
·  Facilitation, negotiation and influencing skills to achieve results in a matrix management environment
·  Problem solving, strong analytical skills
·  Ability to drive global results while remaining sensitive to local environments and cultural issues
·  Ability to implement processes, resources and objectives which support both short and long-term goals
·  Sense of urgency and efforts redirection if necessary to maintain sound time-management of programs and projects
·  Decision making and ability to work independently in a complex environment
·  Information collection and analysis
·  Effective program management through the Group Operations values
·  Excellent communication skills
·  High degree of work ethics and professionalism; leads by example
·  Fluent in English

Qualifications
·  University graduate with a degree in Business, IT or a related subject.
·  A post-graduate degree in Information Security is preferred
·  Information Security and/or Information Technology industry certification (CISSP-ISSAP, CISM, CRISC, GIAC or equivalent) is preferred
·  Overall work experience in the field: 5-6 years' experience in information security
