Information Security Risk Assessment Officer (F/M)

Job description

As Information Security Risk Assessment Officer you are going to support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business.

Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees.

Desired profile

Qualifications :

Job purpose
·  Provide support and assistance to business and entities on information security risk assessments,
·  Will actively participate to the design of IS Risk Assessment methodologies, ensuring alignment with Group Risk Management,
·  Support and monitor the implementation and execution of the information security risk assessment methodology and processes,
·  Ensure information security risks related to the organization, employees, customers, data and technologies are adequately identified, assessed and managed effectively,
·  Support the establishment of the organization's information 'risk appetite',
·  Perform challenge and/or advisory (aka ‘second opinion') reviews on information security risks, independently conducting studies or assessments and following-up the remediation actions,
·  Perform information security risk assessments as required, including but not limited to projects, acquisitions and third parties
·  Provide an active support in animating the information security risk assessment worldwide community through sharing best practices, insights and technological developments

Education
·  Bachelor degree in Computer Science, Engineering, or related field
·  An MSc Information Security is strongly preferred but is not essential
Certification
·  Information Security and /or Information Technology industry certifications in good standing (CRISC, CISSP, CISM, ISO27005 Certified Risk Manager, ISO27001 Lead Auditor or equivalent) strongly preferred
Overall work experience in the field
·  Experience in Information Security field > 3 years
·  Experience in technical Information Security solution design and conducting technical risk assessments > 3 years
·  Experience in articulating IS risks in business language and advising on the appropriate risk management strategy for a technical solution > 3 years
·  Experience in project management and related methodologies > 1 year
·  Experience in multinational companies is an advantage
Skills / abilities
·  Ability to function effectively in a matrix structure
·  Operate adequately at management level
·  Strong facilitation, negotiation and conflict resolution skills
·  Proficient risk assessment, interpretation and analytical skills
·  Strong networking skills
·  Team player
·  Fluent in English