Job Description - Security Consultant, Information Security
Job Number: 16001231D20230530
DISCOVER your opportunity
The role will be to provide security expertise to programs as well as AXA XL sub-entities. You will provide dedicated support and security related technical expertise to your respective business partners to enable the business to deliver safe and secure services.
The role will involve working with key business partners and project managers to understand and guide them through the security due diligence process. This includes performing risk assessments of current product increments, providing guidance and acquiring outcomes/decisions from the project managers, enterprise architect, technical architect, solutions architect, data privacy officer, portfolio management office, strategic change development, IT Infrastructure and Operations and penetration testers. This role entails supporting existing relationships, ensuring business partners are kept up to date with security initiatives, whilst supporting them to implement good security.
Responsibilities:
- Partnering with AXA XL business units including Innovation and Data Analytics, AXA XL Re-Insurance and others to ensure security is managed effectively.
- Manage governance to support these activities.
- Raise awareness of all security activities with understanding of risk impact and reporting.
- Providing Information Security consultancy including advice for projects, solution design, audit/assurance and application of security policy, standards, regulation, and good practice.
- Ensure ad-hoc review meetings with stakeholders take place, as needed.
- Supporting the assessment and interpretation of risk, recommending risk treatment options, tracking, and supporting remediation or acceptance.
- Develop and maintain relationship with business partners to proactively engage and understand plans and to ensure security requirements are considered.
- Review of in-scope project security requirements and evidence provided by the project manager or scrum master to support closure of Secure Project Lifecycle processes where the business units require support.
- Liaise between business units to support development of Risk Acknowledgement and Mitigation Plans (RAMPs).
We’re looking for someone who has these abilities and skills:
- Bachelor’s degree in computer science, Engineering, or related field.
- Excellent knowledge of working within an Agile Framework such as SAFe.
- Advanced knowledge of working in a DevSecOps environment.
- Knowledge of performing project risk assessments.
- Experience in performing Information Security technical risk assessments.
- Proficient in information security risk and governance frameworks (ISO 27005, EBIOS).
- Expert analytical and reporting skills.
- Expert in Microsoft Office (Word, Excel, PowerPoint, Access).
- Ability to effectively communicate and positively influence diverse stakeholders and team members.
- Excellent attention to detail and the ability to create clear, concise, and engaging presentations.
- Information Security certification (CISSP, CISM or equivalent).
- Experience in articulating IS risks in business language and advising on the appropriate risk management action.
- Experience in information security management reporting and related methodologies.
- Experience in multinational companies.
Location: GB-GB-Ipswich
Work Locations: GB Ipswich 2nd floor, Civic Drive
Job Field: Information Technology
Schedule: Full-time
Job Type: Standard