Consultant - Risk and Assurance (ISRA)

7 years

0 Lacs

Posted: 1 day ago | Platform: LinkedIn


Work Mode

On-site

Job Type

Full Time

Job Description

Job Purpose:

• Deliver an Information Security Assurance Plan based on ISO Risk Management to secure projects by design.

• Conduct security risk assessment using tools to capture and record operational security risks.

• Deliver Information Security Assurance Plan to help IT Projects during their implementation.

• Collaborate with Information Security Analysts and the Global IT Risk Assessor to scope the security risk management and reporting requirements from the AXA Group Operations risk management framework.

• Socialize security risk assessment schedules and requirements with stakeholders, including third-party service providers.

• Assess and classify security risk assessment outputs and rate security risks as per the AXA GO security risk management framework.

• Collaborate with Information Security Analysts and engage with AXA GO Operational teams to walk through the results of the security risk assessment and seek mitigation action plans with timelines for each of the security risks.

• Collaborate with Information Security Specialist and escalate to Global IT Risk Assessor on lack of progress.

• Collaborate with Group Operational risk team to share all security risks that have potential for Group-wide impact.

• Support, review, and quality assure assurance Reporting and Dashboard.


Key Responsibilities:

• Experience in Information Security, IT risk management (GRC). Looking for 7+ years of experience.

• Knowledge on Regulatory Frameworks - NIST Cybersecurity Framework, PCI DSS, STIG, GDPR, SANS, ISO27001 and ISO 27002, CIS Controls.

• Worked on Technology Security - Cloud (AWS, Azure, GCP), Infrastructure (Servers, Firewall, Mainframes, SIEM, Networking components, etc.), Application testing/security.

• Conducting/Reviewing the SAST and DAST, cyber security (Email security, Vulnerability Management, Malware analysis, etc.)

• Expertise in Security Management frameworks and standards like NIST, PCI, CIS and OWASP.

• IT Risk & Compliance expertise with experience in assessing Infra/Applications against IT regulatory and security technical controls.

• Sound knowledge on cloud technology and concepts for CSP like AWS, MS Azure, GCP and DevSecOps.

• Knowledge of Windows, Linux, Oracle, SQL, Networks, Firewalls and Cloud computing.

• Extensive knowledge of data management and information security principles.

• Experience with IT security vulnerabilities and IT security audit procedures.

• Liaise with the internal IT and Operations resources to ensure all deliverables are met.

• Superior project management, organizational, communication, and time management skills.

• Hands-on experience with information security Risk Assessment methodology (Asset Criticality Rating/Information Security Assurance Plan/Residual Risk Rating).

• Experience in preparing assurance plan.

• Exposure on assessing risks on IT infrastructure, applications, web sites and cloud solutions.

• Ability to deliver risk assessment outputs and rate security risk as per internal risk management framework.

• Experience in dealing with external providers, solution engineers, designers, and business/system/asset owners.

• Exposure in articulating security risks to other teams globally.

• Relevant certifications such as CISSP, CISM, CEH, CRISC or GIAC.


Key stakeholders:

• Internal actors: Expected to interact with IT Operations & Business Operations, Group Procurement, Legal, Data Privacy, Local Information Security teams, peers.

• External actors: Expected to interact with stakeholders and partners
