AXA XL is an Equal Opportunity Employer and does not discriminate against any colleague or applicant for employment on the basis of race, color, national origin, religion, sex, gender identity and/or expression, sexual orientation, age, disability, genetic information, veteran status, military status or any other category protected by local law. SHARE your talent We’re looking for someone who has these abilities and skills: Bachelor’s degree in computer science, Engineering, or related field with a senior level of professional experience (Required) Established knowledge of performing project risk assessments (Required) Experience in performing Information Security technical risk assessments (Required) Proficient in information security risk and governance frameworks (ISO 27005, EBIOS) Expert analytical and reporting skills (Required) Expert in Microsoft Office (Word, Excel, PowerPoint, Access) (Required) Ability to effectively communicate and positively influence diverse stakeholders and team members (Required) Excellent attention to detail and the ability to create clear, concise, and engaging presentations (Required) Fluent in English (Required) Information Security and /or Information Technology industry certification (CISSP, CISM, CRISC, GIAC, CISSP or equivalent) (Required) Experience in articulating IS risks in business language and advising on the appropriate risk management action > 5 years (Preferred) Experience in information security management reporting and related methodologies > 5-10 years (Preferred) Experience in multinational companies (Preferred) FIND your future AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don’t just provide re/insurance, we reinvent it. How? By combining a strong and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business − property, casualty, professional, financial lines and specialty. With an innovative and flexible approach to risk solutions, we partner with those who move the world forward. At AXA XL we are happy to talk flexible working. We are committed to building a diverse and inclusive workforce and consider flexible ways of working for every role. Talk to us about how we can make flexibility work for you. Learn more at axaxl.com. Corporate Responsibility At AXA XL our approach to corporate responsibility (CR) is the same as our approach to business; constantly seeking to provide innovative solutions to the world’s most complex problems. From offering our expertise, products and services to help build more resilient communities, to advancing understanding and response to climate change, our strategy – Our Impact. Our Future. – aligns key issues that are pertinent to our business – climate, water and financial resilience - and contributes to AXA Group’s purpose to “Act for human progress by protecting what matters.”. · Climate\: We’re reducing our carbon footprint, protecting ecosystems and exploring how our business can help build a better world. · Water\: We’re developing water resilience where it is — and will be — needed most. · Financial resilience\: We’re helping create opportunities for the unemployed and underemployed, so they can be better prepared for unexpected changes. · Hearts in Action: We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as our “Hearts in Action” programs. For more information, please see the Corporate Responsibility section on our website. Diversity & Inclusion At AXA XL, we know that an inclusive culture and a diverse workforce enable business growth and are critical to our success. That’s why we have made a strategic commitment to attract, develop, advance and retain the most diverse workforce possible, while creating an inclusive culture where everyone can bring their full selves to work and can reach their highest potential. It’s about helping one another — and our business — to move forward and succeed. · Five Business Resource Groups focused on gender, LGBTQ, race/ethnicity, disability and inclusion with 20 Chapters around the globe · Robust support for Flexible Working Arrangements · Enhanced family friendly leave benefits · Named to the Diversity Best Practices Index · Signatory to the UK Women in Finance Charter Learn more at axaxl.com/about-us/inclusion-and-diversity. AXA XL is an Equal Opportunity Employer. Security Consultant – Project Risk Assessments (Ipswich, UK) The Secure Project Lifecycle process has been established to perform risk assessments, ensuring security is considered as part of the design and throughout the project lifecycle. The SPL process governs projects within the Planview time recording and management system and those that are managed outside such as Move to the Cloud (MttC) programme. The role will be to augment the Information Security team to perform risk assessments of projects, provide guidance and acquire outcomes/decisions from the project manager, enterprise architect, technical architect, solutions architect, data privacy officer, project management office, strategic change development, IT Infrastructure and Operations and penetration testers. DISCOVER your opportunity The specialist will work under the responsibility of the Head of IS Services and Risk Management and will report to the Secure Project Lifecycle Team Lead. The responsibilities of the role will include the following\: Review submission of IS Criticality Assessment (ISCA) questionnaire (ISCA Dashboard) Determine high level security requirements and project criticality, based on standard project activities and data classification from DP pre-screening Work with assigned architect to ensure security requirements are finalized in design (High Level Design), review with Enterprise Architecture, Solutions Architecture, Cyber Security and Cyber Assurance Review of all security requirements and evidence provided by the project manager to support closure of each requirement: Review and feedback on ISCA questionnaire Review and feedback on High Level Design (HLD) Present at ISCA Project Technical Review Attend and obtain HLD sign-off at Technical Design Authority, Solutions Design Authority (SDA) and Data Intelligence and Analytics (DIA) Obtain Third Party Risk Evaluation Platform (TPREP) scorecard for TP SaaS solutions from Security Contracts team Obtain Minimum Technical Security Baseline compliance reporting from QualysGuard Obtain Cloud Permit from Enterprise Architecture Obtain Code Review and Analysis – in house solutions only from SCD Self-serve vulnerability assessment compliance report of assets in scope Liaise with Cyber Assurance on penetration testing of solution and obtain sign off Obtain Digital Hub registration for external facing solutions from Cyber Assurance Produce Project Security Assessment closure report Perform a final review of all open security requirements and their status before any stage gate approval can be provided (effectively the Production Go/No-go decision). Ensure AXA XL SDLC agile, waterfall and infra waterfall processes are followed Store all evidence in IS projects shared area Update the project register daily to ensure project status is maintained and update the Project Security Assessment (PSA) template as a record of activity. Submit PSA for sign off to complete risk assessment Manage project RAG status ensuring activities trending amber and red are highlighted to management and the project manager Liaise with project manager to support the development of the risk acceptance (PM is responsible) where needed Attend meetings with project manager, stakeholders, ISCA technical review, architectural design authorities and pen testing reviews. Challenge design decisions not compliant with security, escalate issues when they become known, offer options to resolve All deliverables are subject to an internal quality assurance and peer reviews will be conducted by the Information Security team.