This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.
Information Security - Senior Lead - Security Culture Change
Ipswich, UK
The Senior Lead - Security Culture Change (SL) is a new role that is required to help deliver security culture change at AXA XL. We have embarked on a multi-year program to elevate security awareness and bring about security culture change throughout our business. We have developed our program and are now looking for someone that has brought about large-scale culture change to drive this forward to the next stage of evolution. Effective communication skills are a must as the candidate will be supporting colleagues globally and dealing with senior stakeholders.
DISCOVER your opportunity
The SL works under the responsibility of the Head of IS Services and Risk Management and will report to the Security Awareness Program Lead. This is a hands-on role where the SL will be expected to work in a relatively small team of experts. The responsibilities of the role will include the following:
- Develop detailed project plans to deliver the outcomes based on the high-level plans.
- There are 6 initiatives that will commence in 2024:
  - Roll out surveys to poll new and existing colleagues' security awareness proficiency and security culture index score.
  - Develop and roll out a security awareness challenge to raise money for charity.
  - Design and develop targeted awareness training of high-risk areas of the business.
  - Implement a security non-compliance tool in the form of a time-since-last-incident clock.
  - Implement a network of business and IT colleagues that will act as Security Champions across AXA XL. Establish the governance and drive the initiative forward.
  - Develop and deliver microlearning utilizing agile communication technologies.
- Participate in assessment of different business lines' security risks to develop training plans and educate colleagues.
- Develop security guidelines crafted in a manner that is accessible to people with varying levels of technical experience.
- Understanding of different methods used to train colleagues: campaigns, phishing, gamification.
- Effective understanding of Phishing, Smishing, Social Engineering and other common methods that are used by cyber-criminals to prey on employees.
- The ability to communicate with senior management and senior security staff.
- The ability to lead one-on-one or small group sessions with colleagues to teach them about security threats and how to follow company security awareness standards.
SHARE your talent
We're looking for someone who has these abilities and skills:
- Ability to navigate dealing with many different sets of security questions.
- A cordial attitude to assisting colleagues and educating them about potential threats.
- Ability to work effectively with and contribute to a close-knit team while also being a self-starter is critical to success.
- Ability to prioritize among competing priorities.
- Experience of implementing large-scale security culture change.
- Organizational skills and the ability to manage multiple reviews and tasks at the same time are essential.
- Research and development skills in all areas of information security are essential. A detailed understanding of CISSP CBK, ISO 27001/2:2013 and associated Global Data Regulations is a plus.
- Understanding the security impact and implementation of the triad (Confidentiality, Integrity, and Availability) on company networks and the appropriate risk model to present to business management.
- Ability to communicate with upper management/executive level, lawyers, Information security and non-IT colleagues as well as third-party contacts is a must.
- Multiple languages a plus - English plus German, French or Spanish etc.
- Excellent technical writing skills.
- Information Security or IT background is helpful along with other related practical experience, which should include a working knowledge of some if not all of the following security services and tools:
  - CISSP Domains and knowledgebase.
  - ISO 27000 suite of standards.
  - Ethical hack/penetration tests.
  - Firewall technologies.
  - Cloud security.
  - Access control.
  - Encryption in transit and at rest.
  - Microsoft Azure, Microsoft Office, Microsoft Information Protection and Microsoft DLP.
FIND your future
AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don't just provide re/insurance, we reinvent it.
With an innovative and flexible approach to risk solutions, we partner with those who move the world forward.
Learn more at axaxl.com
Inclusion & Diversity
AXA XL is committed to equal employment opportunity and will consider applicants regardless of gender, sexual orientation, age, ethnicity and origins, marital status, religion, disability, or any other protected characteristic.
At AXA XL, we know that an inclusive culture and a diverse workforce enable business growth and are critical to our success. That's why we have made a strategic commitment to attract, develop, advance and retain the most diverse workforce possible, and create an inclusive culture where everyone can bring their full selves to work and can reach their highest potential.
Sustainability
At AXA XL, Sustainability is integral to our business strategy. In an ever-changing world, AXA XL protects what matters most for our clients and communities. We know that sustainability is at the root of a more resilient future.