Information Security - Senior Lead – Security Culture Change
Ipswich, UK
The Senior Lead - Security Culture Change (SL) is a new role that is required to help deliver security culture change at AXA XL. We have embarked on a multi-year program to elevate security awareness and bring about security culture change to throughout our business. We have developed our program and are now looking for someone that has brought about large-scale culture change to drive this forward to the next stage of evolution. Strong communication skills are a must as the candidate will be supporting colleagues globally and dealing with senior stakeholders.
DISCOVERyour opportunity
The SL work under the responsibility of the Head of IS Services and Risk Management and will report to the Security Awareness Program Lead. This is a hands-on role where the PM will be expected to work in a relatively small team of experts. The responsibilities of the role will include the following:
1. Develop detailed project plans to deliver the outcomes based on the high-level plans.
2. There are 6 initiatives that will commence in 2024:Roll out surveys to poll new and existing colleagues’ security awareness proficiency and security culture index score.Develop and rollout security awareness challenge to raise money for charity.Design and develop targeted awareness training of high-risk areas of the business.Implement a security non-compliance tool in the form of a time since last incident clock.Implement a network of business and IT colleagues that will act as Security Champions across AXA XL. Establish the governance and drive the initiative forward.Develop and deliver microlearning utilizing agile communication technologies.
3. Participate in assessment of different business lines security risks to develop training plans and educate colleagues.
4. Develop security guidelines crafted in a manner that is accessible to people with varying levels of technical experience.
5. Understanding of different methods used to train colleagues, campaigns, phishing, gamification.
6. Effective understanding of Phishing, Smishing, Social Engineering and other common methods that are used by cyber-criminals to prey on employees.
7. The ability to communicate with senior management and senior security staff.
8. The ability to lead one-on-one or smalls group session with colleagues to teach them about security threats and how to follow company security awareness standards.
SHARE your talent
We’re looking for someone who has these abilities and skills:
9. Strong English written and verbal skills mandatory
10. Ability to navigate dealing with many different sets of security questions
11. A cordial attitude to assisting colleagues and education them about potential threats
12. Ability to effectively work with and contribute to a close-knit team while also being a self-starter are critical to success
13. Ability to prioritize among competing priorities
14. Experience of implementing large scale security culture change.
15. Organizational skills and the ability to manage multiple reviews and tasks at the same time are essential
16. Research and development skills in all areas of information security is essential. A detailed understanding of CISSP CBK, ISO 27001/2:2013 and associated Global Data Regulations is a plus
17. Understanding the security impact and implementation of the triad (Confidentiality, Integrity, and Availability) on company networks and the appropriate risk model to present to business management.
18. Ability to communicate with upper management/executive level, lawyers, Information security and non-it colleagues as well as Third party contacts is a must.
19. Multiple languages a plus – English plus German, French or Spanish etc.
20. Excellent technical writing skills
21. Information Security or IT background is helpful along with other related practical experience which should include a working knowledge of some if not all of the following security services and tools:CISSP Domains and knowledgebaseISO 27000 suite of standardsEthical hack/penetration testsFirewall technologiesCloud securityAccess controlEncryption in Transit and RestMicrosoft Azure, Microsoft Office, Microsoft Information Protection and Microsoft DLP
FIND your future
AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don’t just provide re/insurance, we reinvent it.
How? By combining a strong and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business − property, casualty, professional, financial lines and specialty.
With an innovative and flexible approach to risk solutions, we partner with those who move the world forward.
At AXA XL we are happy to talk flexible working. We are committed to building a diverse and inclusive workforce and consider flexible ways of working for every role. Talk to us about how we can make flexibility work for you.
Corporate Responsibility
At AXA XL our approach to corporate responsibility (CR) is the same as our approach to business; constantly seeking to provide innovative solutions to the world’s most complex problems. From offering our expertise, products and services to help build more resilient communities, to advancing understanding and response to climate change, our strategy – Our Impact. Our Future. – aligns key issues that are pertinent to our business – climate, water and financial resilience - and contributes to AXA Group’s purpose to “Act for human progress by protecting what matters.”.
·Climate: We’re reducing our carbon footprint, protecting ecosystems and exploring how our business can help build a better world.
·Water: We’re developing water resilience where it is — and will be — needed most.
·Financial resilience: We’re helping create opportunities for the unemployed and underemployed, so they can be better prepared for unexpected changes.
·Hearts in Action:We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as our “Hearts in Action” programs.
Diversity & Inclusion
At AXA XL, we know that an inclusive culture and a diverse workforce enable business growth and are critical to our success. That’s why we have made a strategic commitment to attract, develop, advance and retain the most diverse workforce possible, while creating an inclusive culture where everyone can bring their full selves to work and can reach their highest potential.
·Five Business Resource Groups focused on gender, LGBTQ+, race/ethnicity, disability and inclusion with 20 Chapters around the globe
·Robust support for Flexible Working Arrangements
·Enhanced family friendly leave benefits
·Named to the Diversity Best Practices Index
·Signatory to the UK Women in Finance Charter