JOB ENVIRONMENT

 With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio. As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. 

 As an integral part of AXA, at AXA Group Operations (AXA GO) we create innovative technology and data solutions to help AXA fulfil its ambition of being a customer-focused, tech-led company. AXA GO is a young and dynamic division launched in 2019 and comprises 8,000 employees across 17 countries all around the globe from Paris, France to Pune, India. We are the ones providing advice, steering technological choices and giving AXA access to innovations that will support its transformation into a customer-centric tech-led company. For this, we work in close partnership with all AXA entities.

 PRESENTATION OF THE CONTEXT AND AXA GROUP SECURITY

 Throughout AXA, the security community represents 1000 security professionals, working daily to protect our employees, customers, operations and brand. Our operating model gathers the three security disciplines Information Security, Operational Resilience and Physical Security & Safety. Our security mission is to ensure that AXA is safe, secure and resilient.

 AXA Group Security, as part of AXA GO, defines the security strategy, standards and provides assurance to the Group on the security maturity of all entities across AXA. In its role, it also supports our professional family in entities in maintaining their security posture and respond and coordinate responses to crisis.

This is accomplished through four strategic levers:

 Safe: It is about our people, have them ready to face security challenges including third parties, health professionals

 Secure: Secure the business of today and tomorrow, by increasing security effectiveness on a risk-based approach for all entities.

 Resilient: Enhance anticipation, detection and reaction capabilities in case of events & Security by design

 Simple: Simplify, converge and automate our services and activities

 The Cyberdefense Product and project team is responsible for creating and updating the tactical product roadmap, managing the operations of the security products, in addition to enhancing product capabilities to execute the strategy defined by Group Security and deliver Cyber products to the AXA entities.

 The Cyberdefense Product team oversees:

·         The management and the evolution of existing class 1 (mandatory) products named Vulnerability Management and Compliance Management.

·         A product is the combination of a Team, supporting information security Processes, operating a technology (Vulnerability and compliance scanning technology) and tools.

Our missions are to:

·         support our business strategy and digital transformation, AXA is setting up a new information security practice to ensure a coordinated response to the increasing threat of cybersecurity in Cloud environment (Public and Private)

·         The team performs and scheduling compliance and vulnerability scans on AXA network activity and infrastructure and generating reports to different teams (such as server admins, network administrators in order to mitigate scanned vulnerabilities).

Our goals are to:

·         Deliver Security compliance measurement to AXA group

·         Improve remediation activities using automation and technology

·         Deliver high quality services to AXA group

POSITION MAIN ACTIVITIES

 As Technical lead, you will

·         Develop and adapt products vision and roadmap in collaboration with the product manager and by discussing with customer / end-users

·         Contribute to the product backlog delivery, such as new feature and improvement, its delivery and its quality

·         Manage and optimize on a day-to-day basis AXA global vulnerability management platform

·         Lead major product and platform evolutions to support Security Operation Center (SOC) and Vulnerability Operation Center (VOC)

·         Lead “proof-of-concept” and represent AXA as a leading business partner with our third parties/vendor

·         Help evaluate business value and benefits of technical features

·         Determine whether a technical backlog item was satisfactorily delivered

·         Contribute to the day-to-day LOA (run) activities, leading by example

·         Ensure a high level of Quality-of-service (QoS) for AXA internal customers

·         Be a leader for the team and for AXA in term of expertise on the product technology and IS security process, aka Vulnerability management

·         Ensure transparency into the upcoming work of the team

·         Involve all relevant stakeholders (architecture, entities, security, data privacy etc.) to ensure technical feasibility

·         Coordinate internal resources and third parties/vendors for the flawless execution of projects

·         Raise alert and identify solution to ensure on time delivery 

·         Evangelize within and outside AXA about the solutions you develop and market them accordingly

·         Regular reporting of progress, risks, and issues towards the product manager and other stakeholders

·         Participate to Product governance and meetup

 Team structure: The team is led by one Product manager, and 4 people (FTE) for the LOA (run) activity and about 3-4 people part of the team on dedicated strategic project.

 We are looking for a team member that will support Cyberdefense Product manager as technical lead role.

 One of our target is to stay at the “state of art” of security while helping the team to be more agile.

Experience

·        Hands-on experience with vulnerability management tools (e.g. Kenna, Tenable, Qualys, Vulcan, Hackuity etc.)

·         Experience in implementing Hardening controls based on Security Industry Standards, such as CIS Benchmarks.

·         Experience in Private and Public Cloud Security 

·         Understanding of Workload Protection, including Servers, Workstation, Containers

·         Experience using an ITSM tool such as ServiceNow

·         Strong fundamentals in networking protocols and troubleshooting

·         Knowledge of hacking techniques, cyber threats and security trends

• Package consistent of: 45 days of paid leave, flexible working hours and 2 days of remote work, salary structured of fixed pay and bonus as well as many other benefits;
• Friendly work environment in brand new building in Paris with innovative work space;
• Working in a friendly atmosphere with great collegueas!

Education 

·         Post-graduate degree in IT or a closely-related subject to IS Security.

Certification

·        A certification in relation with Vulnerability Management is highly desired

·        ISC² CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional)

Overall work experience in the fields

·         Experience in Security > 3 years (required)

·         Experience in Security product day-to-day management (required)

Skills

·         Work on maturing vulnerability management & Compliance program services and processes

·         Develop and improve KPIs, metrics, and trend analysis for vulnerability management features

·         Take part of the implementation and operational best practices while taking ownership of tasks and/or project workstreams

·         PowerShell and Python scripting skills

·         Analytical thinking, time management and coordination skills

Language

·         Fluent in English is a necessity (including technical Information security English)