Job Description - Senior Information Security Assessor (14003487D20240111)
Senior Information Security Assessor (Job Number: 14003487D20240111)
Location: Paris, France or London, UK
As an information security assessor, your responsibilities will include ensuring the effectiveness of Information Security controls throughout AXA XL, aligning with AXA XL assurance methodologies and frameworks. You will lead end-to-end assurance engagements, contribute to scoping and scheduling business engagements, and maintain the quality of assurance testing services delivered by both internal teams and vendors.
Responsibilities:
- Providing assurance over the effectiveness of Information Security controls across AXA XL entities, building the consolidated picture for AXA XL executive management, and supporting the resolution or escalation of findings.
- Expanding the area of expertise and assurance methodologies and contributing to the definition of the AXA XL Security assurance test strategy and approach to ensure AXA XL goals are tracked and met.
- Conducting need-based audits to assess the effectiveness of Information Security controls.
- Conducting assessments based on information risk and security requirements.
- Contributing to the scoping and scheduling of engagements with the business and managing any issues or conflicts.
- Conducting assurance engagements end-to-end.
- Contributing to assuring the quality of the assurance testing services provided by vendors or internal teams.
You will report to the Head of Information Security Assurance.
Required Skills:
- Ability to assess and provide assurance over a broad technology landscape and what it may look like in the future.
- Technical awareness of security concerns and focus areas when reviewing design documentation.
- Experience in penetration testing or offensive security roles.
- Ability to translate technical issues to business risks.
- Ability to recommend solutions relevant to the complexity, scope, risk, and magnitude of problems impacting the service level.
- Excellent communication skills with the ability to work effectively with senior management and explain complex matters succinctly and in plain language.
- Ability to take calculated risks in decision-making and seek inputs from the team/stakeholders.
- Ability to create mechanisms to recognize individual/group contribution and achievements.
- Ability to mentor other team members or service providers.
- Ability to advise on decisions regarding strategy, policy, and structures.
- Ability to assimilate and integrate new information for informed decision making.
- Ability to monitor changes in the operating environment and act upon potential opportunities.
- Ability to weigh things up quickly and take the initiative within limits of authority.
Interpersonal Skills:
- Ability to demonstrate assertiveness and empathy.
- Excellent oral communication and persuasive skills.
Qualifications / Experience - Must Have:
- Bachelor’s degree in information security, computer science, or equivalent.
- Professional certification in Information Security (e.g., CISSP, CISM, CISA, ISO 27001 Lead Auditor, etc.).
- Minimum of 5-6 years of experience within Information Security roles.
Qualifications / Experience - Useful:
- Experience conducting need-based audits to assess the effectiveness of Information Security controls.
- Experience conducting assessments based on information risk and security requirements.
- Knowledge and experience with security frameworks (NIST, ISO, CIS 20, MITRE).
- Audit or control experience (SOX, internal audit, external audit, CISA).
- Passionate about information risk and security.
- Interest in the financial services industry.
Qualifications / Experience - Optional:
- Experience in an AXA Group environment.
AXA XL is an Equal Opportunity Employer.