Information Security GRC Lead

Employer Active

1 Vacancy

Jobs by Experience

0 - 8 years

Job Location

Cairo - Egypt

Monthly Salary

Not Disclosed

Nationality

Any Nationality

Gender

N/A

Vacancy

1 Vacancy

Job Description

  • Implements security controls, a risk assessment framework, and a program that align with regulatory requirements, ensuring documented and sustainable compliance that aligns with AXA Group Security Standards.
  • Manage the cyber and information security risk management lifecycle, including gaining assurance of all existing and relevant cyber and information security policies and standards.
  • Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves security positioning through process improvement, policy, automation, and the continuous enhancement of capabilities.
  • Regularly produce full gap analysis reports on areas of improvement and risk, recommending thorough mitigation plans including justification for options considered.
  • Implements processes (governance, risk and compliance) to automate and continuously monitor information security controls, exceptions, risks, and testing. Develops reporting metrics, dashboards, and evidence artifacts.
  • Defines and documents business process responsibilities and ownership of the controls in GRC. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
  • Experience in implementing ISMS, performing internal reviews, and drafting and enforcing policies in accordance with AXA Group Security, ISO 27001, and PCI-DSS.
  • Work with the Third Party Risk Management (TPRM) lead to share good practice and ensure alignment for all cyber risks facing AXA both internal and external.
  • Perform Third-Party Risk Assessments (when applicable).
  • Contribute to and check the contractual cybersecurity clauses. Liaise with the Legal department whenever needed. Report the risks of clause non-execution to the project manager or to management.
  • Work with IT and business teams in planning, process mapping, documentation and testing of cyber-focused elements of risk.
  • Drive AXA's cyber and information security culture, acting in an ambassadorial role across the business, able to communicate to all levels of staff.
  • Demonstrate an aptitude for reporting & communicating complex information security risk concepts to technical and non-technical audiences.
  • Be able to independently produce comprehensive write-ups of current risks and threats as they develop, producing expedient updates as situations change and span different threat vectors.
  • Proactively monitor and inform senior stakeholders on emerging cyber risks and threats, providing a view through a business lens on potential impacts.
  • Own the creation and presentation of cyber and information security performance against governance frameworks and risk appetite.
  • Develop and maintain AXA's Security Risk Process, including: assessing the potential business impact that could result from a security breach, and the resultant value of the security of information; identifying security weaknesses and vulnerabilities; modelling security threat scenarios; assessing the likelihood of such threat scenarios; assessing the overall risk level and identifying and recommending appropriate controls to manage the risk.
  • Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, Secondary assurance, and Minimum Technical Security Baseline.
  • Performs and investigates internal and external information security risk and exceptions assessments. Assesses incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
  • Documents and reports

Employment Type

Full-time

Company Industry

Insurance

Department / Functional Area

Administration
