Background
AXA Personal Lines is a division of AXA UK and the AXA Global Group. We provide personal insurance products such as motor, home and travel to our customers directly, via our corporate partners, intermediaries and also through Swiftcover.com. Our culture is simple, energetic and imaginative. We are looking for people who can get the job done and enjoy the rewards. We need you to be proactive, enthusiastic and thrive on taking responsibility in a fast-paced environment where opportunities to develop and progress are encouraged.
You will participate in, and lead, security strategy and programme in AXA Personal Lines. This will include working with the Security Managers and IT director to implement the AXA Personal Lines security strategy. You will provide detailed security advice and guidance to business units on projects, infrastructure and application security, working on specific incidents to ensure they are swiftly dealt with and root causes investigated and addressed as appropriate.
The role
The post holder has substantial interaction with business and IT teams as well as the AXA group security team, supporting, challenging and influencing decisions, and with external parties including AXA Personal Lines's external auditors and professional advisers. AXA Personal Lines has ambitious growth plans, requiring a robust approach to security risk and control to support informed and timely business decisions. The post holder is required to provide advice that balances the need to arrive at a completely secure solution against the need for the business to be agile, while providing sufficient security. They need to be able to reconcile the different business constraints and regulatory requirements.
Responsibilities include:
- Security Strategy and programme management - Implement, maintain and manage the AXA Personal Lines security programme.
- Security Consultancy - Provide Security consultancy in BAU activities and within projects to define solutions that support the current and future business vision. Assist with product evaluation and selection of relevant security products
- Security Improvement project - Identify and lead in security improvement projects.
- Incident Management and response - Undertake security investigations or provide expertise during the investigation of security incidents, including making proposals for resolution of root causes, where appropriate. Prepare incident reports where appropriate
- Training and Awareness - Design and deliver training and awareness programme to raise awareness of security and PCI within the business
- Compliance - Manage and provide reporting for compliance with PCI DSS, FSA, and other regular and external interested parties, where relevant to Security Controls.
- Third Party Security Reviews - Undertake security review of third parties to ensure the third party security level is understood, make recommendations for enhancements and monitoring as part of the due diligence process
Skills, knowledge and behaviour
Experience:
- Extensive experience in an Information Security role
- Evaluated products from major suppliers
- Demonstrable in depth knowledge of technology options and associated vendors.
- Demonstrable in depth understanding of information security issues and methods
- Track Record of collaboration and re-use of solutions in global organisations.
- Strong commercial/ business knowledge: ability to understand and integrate business and IT strategies.
- In depth understanding of security requirements and operational/service delivery characteristics
Education:
- Degree Level Education, MSC in Information Security is preferable
- Relevant Professional Qualification is preferable, e.g. CISSP
- Penetration testing certification e.g. Check, Crest, Ech
Knowledge/skills
- In depth experience of security domains
- In depth experience of designing security architectures and security solutions
- In depth experience of Web Application security testing
- In depth experience of infrastructure security and server hardening practice
- Excellent communication and interpersonal skills
- Good understanding of current and emerging technologies and their potential to deliver business benefits
- Experience in working in Agile environment
- Ability to assimilate information quickly, clearly identify key issues and present information concisely
- Ability to develop and maintain a wide network of useful contacts, both in IT and within the business, and also with 3rd party suppliers/vendors
- Ability to be Self Sufficient