As Chief Security Officer, you will be in charge to define, challenge and execute AXA Climate global security policies both in accordance with AXA Group Security Strategy and AXA Climate business needs and particularities: Axa Climate is obviously part of Axa Group but is independent in terms of IT and offices. 

You will be in charge to manage the security team to cover all aspects of security: information risk management, cybersecurity, information security control, monitoring, information privacy, operations, identity access management, security architecture. You will have to onboard and structure the businesses on these topics and globally raise the awareness of all collaborators on these issues.

At the crossroads of many stakeholders - the businesses, the IT Team, the Tech Team, the CEO, you will:

• Implement security strategies, policies, shared security services and action plans based on the Group Security Strategy.

• Collaborate with AXA Group Security Practices and all AXA Climate stakeholders to ensure that security within AXA Climate is relevant, cost-effective and is delivered in accordance with the Group Security Strategy.

• Identify and analyze risks, recommend appropriate mitigation options and document all components in clear, business-intelligible language.

• Report to AXA Group according to their security monitoring framework.

• Identify and implement coordinated responses to security audit and compliance issues.

• Serve as an expert advisor in the implementation and maintenance of security.

• Monitor system confidentiality, integrity and availability and manage information security incidents.

• Monitor and control Operational Resilience risks and security measures (risk assessment, BCP controls, crisis management process and reporting controls)

• Monitor and control Physical Security risks and security measures (risk assessment, policies design and controls, traveler security monitoring)

• Maintain an understanding of emerging technology, risks and industry trends. Assess the impact on the business environment and recommend appropriate mitigation actions or the prioritization of projects and investments.

• Manage the information security budget, staffing and operations.

• Promote a culture of security and raise awareness.

Education:

• A degree in information security, computer science, information management systems, Business, Accounting or related field

• A post-graduate degree in security or general management (such as an MBA) is an advantage but not essential

Certification

• Information Security and /or Information Technology industry certification (CISSP-ISSAP, CISM, ISO 27001 Lead Auditor, GIAC or equivalent) strongly preferred

• Business Continuity Industry certification (MBCI, DRII…) is an advantage but not essential

• Physical security certification (CPP, PSP, BTEC…) is an advantage but not essential

Overall work experience in the field

• Experience in security, IT audit or related area > 10 years

• Leadership / management experience > 7 years

• Previous experience of reporting to a CEO, CIO, Chief Audit Officer, Chief Risk Officer or other senior executive in an international organization required.

Skills / abilities

• Pragmatic, Business & Solution-oriented.

• Strong Communication Skills.

• Strong Leadership.

• Fluent in english.

• Demonstrated interests in climate and environmental issues.