Standards & Instructions Framework Lead

PRESENTATION OF GROUP SECURITY

Throughout AXA, the security community represents 1000 security professionals, working daily to protect our employees, customers, operations and brand. Our operating model gathers the three security disciplines Information Security, Operational Resilience and Physical Security & Safety. Our security mission is to ensure that AXA is safe, secure and resilient.

AXA Group Security, as part of AXA GO, defines the security strategy and standards and provides assurance to the Group on the security maturity of all entities across AXA. In its role, it also supports our professional family in entities in maintaining their security posture and in responding to and coordinating responses to crises.

This is accomplished through four strategic levers:

  • Safe: It is about our people and having them ready to face security challenges, including third parties, health professionals

  • Secure: Secure the business of today and tomorrow, by increasing security effectiveness on a risk-based approach for all entities.

  • Resilient: Enhance anticipation, detection and reaction capabilities in case of events & Security by design

  • Simple: Simplify, converge and automate our services and activities

The Standards & Instructions team sits within the Security Advisory and Standards pillar of Group Security. It is responsible for producing and maintaining the security standards, instructions and guidelines (Information Security, Operational Resilience and Physical Security & Safety) for the Group. This is done by coordinating and collaborating with subject matter experts across the Group. The team defines and maintains the management system for the Group Security function, providing oversight and governance of the development of security requirements, policies, rules and frameworks to ensure consistency. The team manages the framework for information security assurance at the entity level, supporting AXA entities to conduct primary assurance and report results on the effectiveness of the control environment to Group.

POSITION MISSION & MAIN ACTIVITIES

Job Purpose

  • Supports definition and maintenance of the AXA security management system and operating model.

  • Drives the development, review and maintenance of security governance and assurance frameworks, standards & instructions in cooperation with other corporate risks functions

  • Manages implementation of the entity security assurance framework globally, working with the Group and Local assurance teams to ensure adoption

  • Drives adherence to standards, instructions and internal controls.

  • Contributes to the convergence of the security disciplines (information security, physical security & safety and operational resilience) at group level via frameworks and instructions

  • Helps to articulate the risk landscape for senior management and risk committees

  • Works with the Group Risk Management (GRM) to align Security frameworks with GRM risk management frameworks (e.g. third-party risk assessment, instructions & standards …)

  • Supports the evolution of security within AXA, ensuring consistency with the Group Security Strategy.

Main Activities

  • The design and maintenance of security instructions and standards, and internal controls aligned to risks, threats and vulnerabilities.

  • Design and maintenance of converged security assurance framework, including support to entities, to group functions and change management activities

  • Identify global and local regulatory-driven security requirements, adapting group requirements as needed

  • Define measures for reporting on effectiveness of security controls

  • Support definition of reporting metrics, summarize high priority risk and control issues for the Senior Directors

  • Document information security and governance activities and if required provide information to external governance boards

  • Interact and manage key stakeholders, including local security teams (CSOs and reports), Group Security teams, Group Security Executive Committee, Group Risk, Internal Audit, etc.

  • Support and coordinate with AXA entities to adopt, adapt and implement security instructions

  • Identify changes in risk and threat landscape and recommend best practices to ensure continuous improvement in quality of the Security Framework and Governance

Profile

  • Fluent in English

  • Self-motivated and self-directed, someone who thrives in a fast-paced and high-visibility work environment

  • Experience interacting with Directors and all levels of management and leading large groups through information and change

  • Be able to solve complex problems with innovative solutions across Legal Entities, Country, Regional and Global matrix Organization.

  • Team player and ability to collaborate, influence and guide others

  • Good stakeholder management: proven ability to present material to large audiences via conference calls

Qualifications

  • University graduate with a degree in Business, IT, Security or a related subject

  • A post-graduate degree in a Security field is preferred

  • Information Security and/or Information Technology industry certification (CISSP-ISSAP, CISM, CRISC, GIAC or equivalent) is preferred

  • Overall work experience in the field: 8-10 years’ experience in security, audit or assurance field work

Skills & Competencies

Technical Knowledge:

  • Knowledgeable in Audit, Assurance, Regulatory & Review

  • Knowledgeable in Security risk & controls framework

  • Proficiency in Microsoft suite of applications (Excel including Pivot Table knowledge, PowerPoint, Word, Microsoft Project), SharePoint working knowledge

Program/Controls Oversight:

  • Assurance oversight experience with proven record of providing effective monitoring across multiple functions

  • Ability to prioritize among multiple initiatives

  • Ability to work with the internal team, business teams, control officers and other control stakeholders integrating information and clearly articulating impacts and solutions

  • Ability to correlate incoming information to solve problems

Leadership

  • Creates an environment for developing and fostering excellence

  • Effectively communicates the group vision and goals and the benefits in achieving the same

  • Recognizes potential leaders and provides them with challenging assignments/stretch goals

  • Takes calculated risks in decision-making and seeks inputs from the team/stakeholders for the same.

Strategic Thinking

  • Articulates a vision, develops organizational goals and strategies

  • Maintains a wider perspective, aligns actions and contributes to the enhancement of the overall organizational strategy, including outputs from benchmarking activities and reviews

  • Understands and articulates the projected direction of the organization and how changes to it might impact the group

  • Is aware of trends in the external environment and key differentiators vis-à-vis competition and uses this information to anticipate how these changes would impact the organization

Decision making

  • Advises on decisions regarding strategy, policy, and structures

  • Quick to assimilate and integrate new information for informed decision making

  • Monitor changes in the operating environment, quick to act upon potential opportunities.

  • Able to quickly evaluate a situation or issue and take the initiative within limits of authority.

Transversal skills:

  • Ability to work in a matrix environment & with senior executives

  • Strong multi-cultural understanding and application

  • Ability to build collaborative relationships with both internal customers and program/project stakeholders

  • Facilitation, negotiation and influencing skills to achieve results in a matrix management environment

  • Problem solving, strong analytical skills

  • Ability to drive global results while remaining sensitive to local environments and cultural issues

  • Ability to implement processes, resources and objectives which support both short and long-term goals

  • Sense of urgency and efforts redirection if necessary to maintain sound time-management of programs and projects

  • Decision making and ability to work independently in a complex environment

  • Effective program management through the Group Operations values

We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we’re committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.