At AXA IM our purpose, to act for human progress by investing for what matters, is central to every action we take as a business. As a responsible asset manager, we actively invest for the long-term to help our clients, our people and the world to prosper.

As a future Security Expert Lead you will report to our Head of Cybersecurity Operation and you will be part of AXA IM Technology - Infrastructure team.

Cybersecurity Operation team provides expertise to stakeholders to leverage a risk-driven approach and support critical and vital activities for both projects and business-as-usual activities.

In this context, the intersection of cybersecurity and project management brings a unique set of challenges and opportunities. It requires a cybersecurity expert not only to understand the principles of cybersecurity but also to integrate them into project management process.

Expectations & Benefits are multiple: ensure that security services are, by design, correctly implemented and compliant with the expected level & with AXA group security policies, reduce time-to-market, increase user experience, raise quality of service & do savings by developing more simplification, more automation, more controls.

DISCOVER your opportunity

1- Technology and Information Security Projects (Primary mission)

• Support Technology business facing teams for their support and project activities providing cybersecurity expertise and engineering on technology solutions, and as part of project squads leading cybersecurity operations related activities.
• As new services are defined, or changes applied to production platforms, drive projects to achieve the desired outcomes within the set of delivered services. Develop necessary controls and processes to support operational risk, business continuity plan framework and IT security aspects.
• Work with the team to design new cybersecurity solutions. Manage end of life and obsolescence of platforms and cybersecurity solutions in line with AXA IM Technology strategy. Ensure impacts of new solutions have been assessed and are consistent with existing technology framework and architecture patterns. Lead technical related projects to implement and deploy these new cybersecurity solutions, including project streams part of SMART program.
• Integrate security into projects’ development and life cycle to improve and optimize the Security Policy
• Ensure project, infrastructure, application, and 3rd party risks are systematically & appropriately tested.
• Ensure Operational Security by implementing IT processes, upgrading existing processes and documenting both.
• Assess, challenge and review vulnerabilities criticality to deliver risk-based insights useable by business stakeholders (DPO, workplace, …)
• Ensure implementation of follow-up of remediation actions post assessment.
• Provide support to project and business stakeholders on deficiencies found and remediations to implement. 
• Contribute to enhancing and optimizing the efficiency of control activities by working hand-in-hand with all concerned stakeholders.
• Business enabler: adopt a pragmatic approach to support the business in a secure manner.

2- As part of cybersecurity operation team:

a. Security

• Follow company guidelines / regulations to ensure company data is held in a secure manner, including electronic access or in written format.
• Escalate any security issues or potential security breaches as appropriate to ensure any potential issues can be secured.
• Aligned with Information System Security policy and guidelines, develop and deploy processes that will ensure level 1 controls are in place, actioned and tracked.
• Deliver security projects to protect the overall infrastructure, in-line with AXA Group policy.
• Support IT audits as required and drive the recovery of any audit deficiencies to pre-agreed deadlines.

b. Innovation

• Develop a culture of innovation across the team, to deploy new services in a “value-add” and cost-effective way towards the business.

Nous nous engageons à vous offrir un environnement où vous pourrez :

Développez votre potentiel : Intégrer une entreprise engagée sur le développement de ses collaborateurs via une mobilité interne dynamique et une large offre de parcours de formation personnalisés.

Personnalisez votre manière de travailler : Travailler pour une entreprise qui s'engage à garantir flexibilité et équilibre à ses employés, en vous offrant une large gamme d'avantages (intéressement, télétravail, avantages sociaux compétitifs, etc.).

Epanouissez-vous par la diversité de notre communauté : Jouer un rôle au sein d'une entreprise inclusive qui reconnaît et valorise activement les différences individuelles dans un environnement de travail diversifié et inclusif.

Faites avancer le monde : Rejoindre un employeur responsable qui agit en faveur des causes sociétales et environnementales en tant qu'investisseur, assureur et entreprise, notamment au travers de l'association AXA Atout Cœur. Dans le cadre de notre engagement en faveur de la durabilité et de la responsabilité environnemental, nous célèbrerons votre arrivée en plantant un arbre.

SHARE your unique expertise

We Welcome Different Combinations Of Skills And Experiences.

Education & Experience:

• Master degree in Computer Science or significant experience in similar technical IT management roles.
• Minimum 5 years of experience in information security  
• Information risk approach and risks analysis experience mandatory
• Information Security and /or Information Technology industry certification (CISSP-ISSAP, CISM, ISO 27001 Lead Auditor, GIAC or equivalent) strongly preferred.
• Experience in advisory role on IT security for Business projects a plus
• Experience in managing complex stakeholder relationships mandatory

Key Competencies

• Client focus is a key asset. To be the business advocate for locally delivered services in a service-oriented manner.
• Cross cultural sensitivity, flexibility
• Organized with a proven ability to prioritize workload, meet deadlines, and use time effectively.
• Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, work effectively as a team player.
• Strong communication and awareness skills required to be able to also challenge technical experts (IT administrators, pentesters, developers, cloud engineer…), to support business explaining security challenges and to warn the senior management about new security risks/threats in clear and synthetic way.
• Wide security knowledge of technical matters: network security, system security, application security, cloud security…
• Cloud, blockchain and AI expertise strongly recommended.
• Able to explain security challenges and recommendations to non-IT stakeholders.
• Ability to function effectively in a matrix structure.
• Proven facilitation, negotiation and conflict resolution skills
• Strong team working.
• Fluent in English mandatory. Working knowledge of French preferred.

We would love to know more about you. Let’s connect! Send us your resume.