Risk Analyst – Risk Acknowledge Mitigation Plan
UK, Ipswich
The RAMP Analyst is an expanding role and entails driving AXA XL’s security risk posture. The role includes working multiple with subject matter expert on a wide variety of topics to determine if temporary exceptions to the Information Security Policy are acceptable.Strong communication skills are a must as the candidate will be working with colleagues globally.
DISCOVERyour opportunity
The Risk Analyst will work under the responsibility of the Head of IS Services and Risk Management or delegate. The responsibilities of the role will focus on the Risk Acknowledgement and Mitigation Plan (RAMP) process that handles the exceptional noncompliance to the policies and include the following:
1. Support the business and IT stakeholders in the creation of RAMPs
2. Ensure that created RAMPs are properly formatted and complete to be able to go through the RAMP process without issues & delays
3. Communicate weekly on the RAMPs that are new or need a review in the RRG
4. Animate the weekly RAMP Review Group
5. Maintain a proper audit track on all RAMP associated decisions and act as a secretary for RRG meetings
6. Manage and maintain the RAMPs register, a consistent record of all RAMPs raised, their current status, expiry date and details of any mitigation to be carried out and by whom
7. Ensure that all Risks Acknowledgement go through due process in a timely manner
8. Become familiar with changes to the policy and supporting standards, so that all RAMPs reference the correct risk and RAMP metrics can accurately reflect the overall status.
9. Produce monthly reporting to the local IT, Security and Risk governance on the residual risk that were acknowledged / accepted and the most important monitored risks
10. Act as a champion for Information Security when dealing with areas of the business, providing assistance with the raising of information risks and explaining current policy as required
SHARE your talent
We’re looking for someone who has these abilities and skills:
11. Fluent in English (Required)
12. Master’s degree in Computer Science, Engineering, or related field with a minimum of 5 years of professional experience in Risk Management (Required) and/or Information Security (Preferred)
13. Expert in synthesizing and clearly communicating complex information to all audiences up to C-Level leaders (Required)
14. Experience in articulating risks in business language and advising on the appropriate risk management action (Required)
15. Excellent attention to detail and the ability to create clear, concise and engaging presentations breaking down difficult problems (Required)
16. Expert analytical and reporting skills (Required)
17. Excellent interpersonal and collaborative skills (Required)
18. Expert in Microsoft Office (Word, Excel, PowerPoint, SharePoint) (Required)
19. Experience in multinational companies (Required)
20. Strong knowledge of Risk management (Required)
21. Strong knowledge of Risk management frameworks (ISO 3100X, NIST 800-30/37/39,ENISA, EBIOS, OCTAVE, FAIR) (Required)
22. Effective knowledge of Information Security frameworks (Mitre ATT&CK, NIST, ISO 2700X …) (Preferred)
23. Experience in information security management reporting and related methodologies (Preferred)
24. Information Security and /or Information Technology industry certification (CISSP, CISM, or equivalent) (Preferred)
FIND your future
AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don’t just provide re/insurance, we reinvent it.
How? By combining a comprehensive and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business − property, casualty, professional, financial lines and specialty.
With an innovative and flexible approach to risk solutions, we partner with those who move the world forward.
Inclusion & Diversity