Security Testing Technical Assurance Lead
AXA Group
Date posted: 11 days ago
Experience level: N/A
Contract type: Full-time
Company statement

With over 102 million customers in 56 countries, AXA's strong global franchises and three lines of expertise - Property & Casualty, Life & Savings and Asset Management - provide a distinctive business portfolio. As a company whose business is to protect people, we have a responsibility to leverage our skills, resources and risk expertise to build a stronger and safer society. To achieve our mission, we are committed to redefining the standards of our business so that we truly differentiate ourselves and earn the trust of our key stakeholders. AXA is setting up a Group Information Security practice in order to reinforce its short-term risk reduction strategy, aligned with AXA strategy & culture and based on industry standards.

Business unit statement

The position is part of AXA Group Operations in the Group Security division. Our security mission is to ensure that AXA is safe, secure and resilient. Throughout the Group, 1000 security professionals are working daily to protect our customers, employees, operations and brand. Our operating model gathers the three security disciplines Information Security, Operational Resilience, and Physical Security, Health & Safety to anticipate and face threats.

Job purpose

The scope of work includes oversight of security testing activities such as pentests or DAST, including the definition and maintenance of a Group-wide strategy, framework, policies and detailed guidance for security testing.

Reporting to the Red Team Executive Manager, this role is accountable for:

  • Maintaining the AXA Group "security testing framework" to keep it constantly aligned with the AXA Group Security Strategy. This framework aims at fully documenting and centralizing clear, concise and measured approaches to security testing, ensuring that the organization's risk profile is reduced and that it is not left exposed or open to exploitation or data theft.
  • Ensuring that security testing performed by all AXA's entities complies with the security testing framework in terms of scope, testing frequency and timely remediation of identified vulnerabilities.
  • Challenging the accuracy of the reporting and the quality of the security testing activities performed by the entities.
  • Leading a team of security testing technical assurance officers, based in India, who review penetration testing reports (by sampling) in detail and organize retests when necessary.
  • Giving an aggregated view at group level of security testing and findings, to continuously improve this activity.

Key responsibilities - accountabilities

Evaluate and report on the coverage and depth of testing done by entities, using a sampling methodology on internet-facing systems.

Perform secondary assurance on critical vulnerabilities using a sampling approach, including the vulnerabilities accepted by local risk teams.

Share secondary assurance outcomes with the entities and aggregate them at group level to continuously improve the security testing activities.

Communicate critical issues and status updates in a timely manner to the necessary stakeholders

Identify, analyze, exploit and recommend mitigating actions for vulnerabilities affecting Security and business-critical applications.

Analyze repeated issues found in a cross section of engagements and use this information to develop highly bespoke, relevant action plans to remediate the core issues.

Produce lessons learnt by detecting repeated deficiencies and understanding their root causes.

Present on a regular basis to senior stakeholders within Security and Group Security and ensure appropriate buy-in and focus.

Education

Bachelor's Degree in Computer Science, Information Technology, or related field

Overall work experience in the field

University graduate with a degree in Business, IT or a related subject.

A post-graduate degree in Security is preferred

Security testing certification (e.g. SANS GIAC GPEN, TIGER, EC-Council CEH/LPT, OSCP, CREST CCT)

Experience in applying methodologies and principles for all levels of Security > 3 years

Experience with technologies, tools and process controls to minimize risk and data exposure > 5 years

Information Security Assurance Methodologies

Information Security Management

Skills / abilities

Ability to work in a matrix environment & with senior executives

Strong multi-cultural understanding and application

Ability to build collaborative relationships with both internal customers and program/project stakeholders

Facilitation, negotiation and influencing skills to achieve results in a matrix management environment

Problem solving, strong analytical skills

Ability to drive global results while remaining sensitive to local environments and cultural issues

Ability to implement processes, resources and objectives which support both short and long-term goals

Decision making and ability to work independently in a complex environment

Information collection and analysis

Excellent communication skills

High degree of work ethics and professionalism; leads by example

Fluent in English

As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working with 105 million customers, we've created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values, and together we're nurturing a culture of respect, for each other, for our customers and the communities around us. Join AXA and you'll feel like you belong, are included and can thrive. You'll be able to shape the way you work and truly grow your potential as you seek out new opportunities, push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.

AXA is becoming a sustainable tech-led company and at AXA Group Operations we are one of the major catalysts for this transformation.

We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution.

We are present across 17 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary.

At AXA Group Operations, we want to be recognized in three fields of action:

  • State-of-the-art Data Technology to drive customer experience
  • State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks
  • High-Performing Global Team for stronger partnerships with AXA entities
JOB OFFER SUMMARY
Security Testing Technical Assurance Lead
AXA Group
Paris
11 days ago
N/A
Full-time