Technical Assurance Owner

The key responsibilities of the Technical Assurance Owner are the following:

  • Support the Group Operations Security / Information Security Executive Manager in achieving the department’s objectives.

  • Oversight of the Group IT / CyberDefense / Pentest execution team
    • Ensuring the right funding is allocated by the Group IT / CyberDefense department for continuous pentesting
    • Prioritizing assets to be pentested in continuous pentesting (DAST included)
    • Monitoring pentest campaigns
    • Confirming the criticality of vulnerabilities raised during pentesting activity
    • Ensuring the remediation of issues detected in pentests
    • Reporting to Group Security
    • Performing primary assurance on pentesting / remediation
  • Ensure Minimum Technical Security Baseline (MTSB) compliance for GO as an OpCo
    • Automating the measurement of (or manually measuring) technical security controls related to hardening
    • Co-building remediation plans with IT & Security teams for gaps in hardening configurations
    • Monitoring remediation by IT & Security teams
    • Reviewing Security Exceptions raised against the MTSB
    • Managing a fortnightly GO MTSB Governance Meeting
  • Automate Security Assurance & Monitoring
    • Ensure Digital Hub completeness & information accuracy by:
      • Regularly reviewing declared assets to check that they are still live and that the information provided is accurate
      • Searching for undeclared assets
    • Monitor the AXA GO Bitsight score (all Internet-facing assets) and improve it by monitoring the remediation of detected vulnerabilities
  • Manage S1/S2 Security Incidents & Critical/High/Medium Security Threats
    • Measuring the impact on AXA GO
    • Coordinating remediation/mitigation with IT & Security teams if the impact is confirmed
    • Communicating progress on the AXA GO remediation/mitigation plan towards entities
    • On Medium Security Threats, measuring the impact on AXA GO depending on the volumes impacted

Competencies / Skills

Education & certification

Education

  • Bachelor's degree in Computer Science, Engineering, or a related field
  • An MSc in Information Security would be desirable but is not essential

Certification

  • Certified Information Systems Security Professional (CISSP) preferred
  • ISO 27001 Lead Implementer or ISO 27001 Lead Auditor certification strongly preferred
  • Offensive security certification (OSCP, OSWP, OSCE, OSEE, OSWE) preferred

Overall work experience in the field

  • Experience in information security or information technology: more than 8 years
  • Experience working in the Financial Services sector preferred but not required
  • Hands-on experience with testing frameworks such as the Open Web Application Security Project (OWASP), Penetration Testing Methodologies and Standards (PTES) or National Institute of Standards and Technology (NIST)

Skills / Abilities

  • Ability to effectively operate in a decentralized and political corporate environment
  • Ability to function effectively in a matrix structure
  • Data analytics skills
  • Team player
  • Fluent in English

We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we’re committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.