The key responsibilities of the Technical Assurance owner are the following:
- Support the Group Operations Security / Information Security Executive Manager in achieving the department’s objectives.
- Oversight of the Group IT / CyberDefense / Pentest execution team
- Ensuring the right funding is allocated by the Group IT / CyberDefense department for continuous pentesting
- Prioritizing assets to be pentested in continuous pentesting (DAST included)
- Monitoring campaign of pentests
- Confirm criticality of vulnerabilities raised during pentesting activity
- Ensuring the remediation of issues detected in pentests
- Reporting to Group Security
- Performing primary assurance on pentesting / remediation
- Ensure Minimum Technical Security Baseline (MTSB) compliance for GO as an OpCo
- Automating measurement/Manually measuring technical security controls related to hardening
- Co-Building with IT & Security teams remediation plans on gaps with hardening configurations
- Monitoring remediation by IT & Security teams
- Review Security Exceptions raised on MTSB
- Manage a fortnightly GO MTSB Governance Meeting
- Automate Security Assurance & Monitoring
- Ensure Digital Hub completeness & information accuracy by:
  - Regularly reviewing declared assets to check if they are still live & information provided is accurate
  - Searching for undeclared assets
- Monitor AXA GO Bitsight score (all Internet Facing assets), & improve score by monitoring remediation on vulnerabilities detected
- Manage S1/S2 Security Incidents & Critical/High/Medium Security Threats
- Measuring impact on AXA GO
- Coordinating with IT & Security teams remediation/mitigation if impact confirmed
- Communicating to entities on the progress of the AXA GO remediation/mitigation plan
- On Medium Security Threats, measuring impact on AXA GO depending on volumes impacted
Competencies / Skills
Education & certification
Education
Certification
Overall work experience in the field
- More than 8 years of experience in information security or information technology
- Experience working in Financial Services sector preferred but not required
- Hands-on experience with testing frameworks such as the Open Web Application Security Project (OWASP), Penetration Testing Methodologies and Standards (PTES) or National Institute of Standards and Technology (NIST)
Skills / Abilities
- Ability to effectively operate in a decentralized and political corporate environment
- Ability to function effectively in a matrix structure
- Data analytics skills
- Team player
- Fluent in English
We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we’re committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.