AXA XL is a new division of AXA and is the result of the recent merger of the former entities XL Catlin, AXA Corporate Solutions/Matrix, AXA Art and AXA Insco. The organization has as an objective to centralize enterprise security risks, effectively record them, qualify/quantify them, manage them to keep them within appetite and report on them regularly. The Security Risk Management methodology is composed of various parts, like the Data Classification and The line of Business Risk Assessment which records the most important information assets from the Line of Businesses and their associated Security risks. The Application Risk Assessment measures the frequency and impact of the Security Risks of the applications holding valuable AXA XL data. The Risk Acknowledgement and Mitigation Plan (RAMP) process records information-related risks and seeks to obtain business ownership of them. Individual RAMPs are reviewed by the RAMP Review Group (RRG), which agrees on deadlines for mitigation or even to escalate the final decision to higher committees within AXA XL. Security is the owner of this program and is responsible for all the associated tasks which make the process work. Security is expected to drive the different initiatives associated with the program, report on them and regularly synthesize them as a single report for up to C-Level leaders for decision. The Risk Analyst will work under the responsibility of the Head of IS Services and Risk Management or delegate. The responsibilities of the role will focus on the Application Risk Assessment process that evaluates the risks induced by the application systems.
DISCOVERyour opportunity
What will your essential responsibilities include?
·Support the business and IT stakeholders in the creation of Application Risk Assessments (ISARA).
·Act as a liaison between IS, IT and business stakeholders to evaluate the risks associated with applications.
·Help prepare and format the ISARA in the associated tools.
·Identify the key information about the application & perform the application impact assessment.
·Perform a control assessment and evaluate the effectiveness of the controls.
·Rate the identified risks and update the global methodology.
·Propose remediation actions and define an action plan.
·Monitor the remediation of the risks in the risk register.
·Review the most important changes to Applications and ensure those changes have been updated into their ISARAs, and monitor any new risk identified.
·Communicate weekly on the top identified risks that are currently monitored.
·Ensure up-to-date Information Security risks metrics are ready to be distributed as required.
·Produce monthly reports to the local IT, Security and Risk governance on the residual risks that were acknowledged/accepted and most importantly monitored risks.
·Act as a champion for Information Security when dealing with areas of the business, providing assistance with the raising of information risks and explaining current policy as required
You will report to the Information Security Specialist.
SHARE your talent
We’re looking for someone who has these abilities and skills:
Required Skills and Abilities:
·Fluent in English (Required).
·Master’s degree in Computer Science, Engineering, or related field with a minimum of 5 years of professional experience in Risk Management (Required) and/or Information Security (Preferred).
·Expert in synthesizing and clearly communicating complex information to all audiences up to C-Level leaders (Required).
·Experience in articulating risks in business language and advising on the appropriate risk management action (Required).
·Excellent attention to detail and the ability to create clear, concise and engaging presentations breaking down difficult problems (Required).
·Expert analytical and reporting skills (Required).
·Excellent interpersonal and collaborative skills (Required).
·Expert in Microsoft Office (Word, Excel, PowerPoint, SharePoint) (Required).
Desired Skills and Abilities:
·Experience in multinational companies (Required).
Let our experts design a Professional CV for you.