Cyber Security Technical Lead

• Ensure SDLC, Business Change and IT change management processes mature to deliver mandatory cyber and information security outcomes.
• Develop and maintain AXA's Security Risk Process including - assessing potential business impact that could result from a security breach, and the resultant value of the security of information; Identifying security weaknesses and vulnerabilities; Modelling security threat scenarios; Assessing the likelihood of such threat scenarios; Assessing the overall risk level and identifying and recommending appropriate controls to manage the risk.
• Conduct Technical Analysis, modelling threat scenarios in order to update the Risk Process, focusing on identifying new information and cyber security threats arising from new and changed IT systems and applications.
• Conduct Risk Analysis of systems and infrastructures under development, by assisting the relevant business and IT parties in the application of the Risk Process; in particular, liaise with these groups to ensure early involvement of the Risk Process in new developments.
• Conduct Risk Analysis of existing systems, by review of current security status from existing IT and external Audit records and by review, consolidation and resolution of outstanding Information and Cyber security risk acceptances or non-compliance.
• Provide Cybersecurity architecture best practices and Cybersecurity requirements in the other fields
• Design, support the implementation and control the Cybersecurity of architectures
• Ensure the Cybersecurity of AXA’s critical systems (e.g. platform, solution, service)
• Perform Cybersecurity watch
• Upon request, provide assistance on other critical topics (e.g. incidents, vulnerabilities) Accountability
• Provide Cybersecurity architecture best practices and Cybersecurity requirements in the other fields
• Design, support the implementation and control the Cybersecurity of architectures
• Determine Cybersecurity requirements in a way to fulfill business objectives and AXA Cybersecurity requirements
• Plan, research and design robust Cybersecurity architectures
• Including full product or information management covering the full lifecycle, Including DRP (Disaster Recovery Plan), log management, potential integration issues and cost constraints, when applicable
• Anticipate possible Cybersecurity risks, identify areas of weakness, and respond effectively to possible Cybersecurity breaches
• Remain up to date with the latest Cybersecurity systems, standards, authentication protocols, Cybersecurity solutions, software/component vulnerabilities and threats
• Design, support the implementation and control the Cybersecurity of architectures
• Acquire a deep understanding of technology (Information Systems and/or Industrial Control Systems)
• Depending on the project, design concept / software / components/ infrastructure / Cloud based Cybersecurity architectures
• Control that the Cybersecurity requirements are fulfilled during all the phases of the BCP (Business Continuity Plan) and DRP (Disaster Recovery Plan) when applicable
• Follow the critical systems (platform, solution, service) during their whole life cycle:
• Ensure Cybersecurity has been taken into account in the RFIs/RFQs/RFPs (Request For Information/Quotation/Proposal)
• • Advise on the architecture
  • Write/validate the Cybersecurity requirements
  • Advise on possible evolutions. Propose/contribute to a roadmap for improvement.
  • Assist in the Supplier selection.
  • Advise on the detailed architecture (e.g. review, reuse, change)
  • Control the Cybersecurity requirements, Before the Go-Live and during the Run
  • Whenever contractual obligations require it

Experience, Knowledge and Skills:

Education & certification

Skills / Abilities

• Extensive experience in Cybersecurity, in-depth knowledge of Cybersecurity strategies and architectures
• Extensive experience in Information Systems and/or Industrial Control Systems / IT risk management with a focus on Cybersecurity, performance and reliability
• Solid understanding of Cybersecurity protocols, cryptography, authentication, authorization
• Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework
• Penetration testing/ Purple Team / Threat Intelligence / Threat Hunting or similar background, or demonstrable experience
• Experience in web / mobile and application development
• Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
• Ability to interact with a broad cross-section of personnel to explain and enforce Cybersecurity measures
• Excellent written and verbal communication as well as business acumen.
• Experience and strong knowledge in Cybersecurity
• Knowledge of risk assessment models
• Knowledge of auditing and reporting procedures
• Ability to implement risk monitoring and testing procedures
• Ability to build relationships with key stakeholders
• Ability to understand broader business issues
• Strong communication and presentation skills