Information Security
Today
Job description
Information Security Management System Management and Operational Risk Management Permanent Control

The consultant must have the necessary risk management skills to ensure the continuous improvement of the Information Security Management System (ISMS) and risk mapping (RCSA). The consultant must also have skills in auditing, compliance, and permanent control to fulfill the role of Operational Permanent Controller.
- ISO 27001 certification
- ISMS management and associated actions
- IT Risk Cyber Operational Risk Management
- Review of documents and procedures (ISMS, OPC, etc.)
- Improvement, execution, and monitoring of controls
- OPC control campaigns
- RCSA update
- Incident monitoring
Head of Information Security
Posted 2 days ago
Job description
At Ageras, we are redefining how entrepreneurs, freelancers, self-employed professionals, and SMEs manage their banking and administrative tasks. Through seamless tools and innovative banking solutions, we help them focus on what matters most: growing their businesses.
Our vision is to become the best friend of every small entrepreneur across Europe.
Over the years, Ageras has grown through the merging of top European FinTechs like Shine, Kontist, Tellow, and more. Today, we're a team of nearly 500 people, including 150 talented engineers, working together from Paris, Amsterdam, Copenhagen, and Berlin.
The Risk & Compliance team at Ageras
Security is core to our promise to customers and partners. Within Risk & Compliance, we work closely with Engineering, IT, Product, Data and Legal to keep our environment resilient, audit-ready and pragmatic. We aim for "secure by design" without slowing the business.
Your role as a Head of Information Security
You will lead our information security function end-to-end: own our ISMS and risk governance, land regulatory outcomes (notably DORA and ISO 27001), embed security into the SDLC, and strengthen incident readiness. You'll enable teams to make good security decisions, communicate clearly with executives and partners, and turn complexity into tangible next steps.
Your Responsibilities Will Include
- Own the ISMS (policies, risk register, KRI) and keep governance practical, measurable and audit-ready.
- Drive regulatory readiness for DORA and ISO (gap overview, artefacts, timelines, immovable dates incl. the annual report for payment institutions).
- Lead incident preparedness and response: playbooks/runbooks, tabletop exercises, clear roles/on-call, post-incident learning.
- Embed secure-by-design in the SDLC: lightweight security gates (e.g. threat modeling, dependency hygiene, SAST/DAST), developer enablement and metrics.
- Own third-party/vendor risk for critical providers in partnership with Procurement, Legal and Risk.
- Influence & enable: build trust with Eng/IT/Product/Data/Legal; make security a shared responsibility.
- Steer external partners (e.g., ISO support) and plan the hiring of 1 FTE to complete a lean, high-impact team.
- Communicate clearly to executives, partners and (as needed) supervisors.
- Lead and mentor a team (2 security engineers), prioritizing the team's workload, ensuring alignment with the company's security goals and overseeing their professional development.
Your first months
- You establish a clear baseline of our security posture by reviewing governance, technology and team practices, and you refresh the risk register with practical KRIs.
- You create regular working cadences with leaders in Engineering, IT, Product, Data and Legal so that decisions and trade-offs move quickly.
- You publish a prioritised twelve-to-eighteen-month security roadmap with concrete Q1 and Q2 outcomes for DORA, ISO 27001 and incident readiness.
- You schedule and run an incident tabletop, you clarify on-call roles and escalation paths, and you capture lessons and owner actions.
- You prioritise vendor risk across critical providers and you make the audit artefact backlog visible with owners and due dates.
- You align the security operating rhythm by preparing inputs for the risk committee, incident reviews and change advisory.
Job located in Berlin or Paris, with possibility of two remote working days per week.
About you
- Senior leadership experience in product-centric, cloud-heavy environments (scale-up pace or similar).
- Hands-on security governance & risk and regulatory experience relevant to European payment institutions (DORA, ISO
- Proven record of embedding secure SDLC with Engineering and Product.
- Confident incident leader; calm under pressure; learns fast.
- Clear, concise communicator; able to influence from code review to boardroom.
- Fluent English; French or German is a plus.
Nice to have
- Certifications (e.g., CISSP, CISM, CCSP, AWS Security) used as tools, not crutches.
- Exposure to supervisors (e.g., ACPR, BaFin, FCA) or regulated audits.
- Consulting/fractional CISO background; impact with small teams.
Our recruitment process
An initial interview (45') with Daniel (Team Lead Talent Acquisition),
A video interview (45') with Maud (VP Risk & Compliance)
A Case study interview + Key Stakeholder round
A culture & leadership interview round including a personality and logic test
What's In It For You?
- Compensation: Competitive salary depending on experience and location.
- Remote Work Culture: Work from our Berlin or Paris office, with possibility of remote working days.
- Scale-Up Impact: Join a high-growth environment with ~500 passionate people across Europe and multiple acquisitions; your work has direct, measurable impact.
- Modern stack & tools: Cloud-first product, CI/CD, security tooling (e.g., SAST/DAST, dependency scanning), and ISMS/GRC practices.
Equal Opportunity Employer
We follow the principle of equal treatment to consider all job applicants and do not discriminate based on their gender, sexual orientation, color, racial or ethnic origin, religion, disability, etc. as per applicable law.
Chief Information Security Officer
Today
Job description
Main mission
Lead the client's information systems security strategy, ensure regulatory compliance (notably GDPR), and protect the company's data and digital assets.
Key responsibilities
Define and implement the IT security policy (information systems, network, cloud, endpoints).
Oversee security audits, penetration tests and remediation plans.
Ensure compliance with applicable regulations (GDPR, ISO 27001, etc.).
Manage security incidents and lead business continuity and disaster recovery plans.
Oversee confidentiality, ethics and data governance practices.
Collaborate with IT, legal and business teams to integrate security into projects.
Raise employee awareness through cybersecurity training programs.
Manage security tool licenses and relationships with service providers.
Candidate profile:
Required skills
Expertise in cybersecurity, IT governance, risk management and compliance.
Command of standards and regulations: GDPR, ISO 27001, NIS2, etc.
Knowledge of security tools: SIEM, EDR, DLP, IAM, etc.
Ability to work cross-functionally with business and technical departments.
Excellent communication, teaching ability and leadership.
Technical environment
Microsoft 365 / Azure AD / SharePoint / Teams
Jira / Power BI / Automate
Security tools (to be defined according to needs)
Information Security Compliance Officer
Today
Job description
Our client is a fast-growing international company offering innovative solutions that support the digital transformation of retail. The company is now looking for its Information Security Compliance Officer.
Your responsibilities
As Information Security Compliance Engineer, you play a central role in implementing and monitoring information security and compliance policies. Reporting to the Information Systems Department, your duties will be as follows:
- Develop and maintain information security policies, in line with international standards.
- Ensure compliance with reference regulations and standards (ISO 27001, GDPR, NIS2, CRA, etc.).
- Perform security audits and conduct risk assessments.
- Deploy and oversee data and system protection measures.
- Train employees and raise their awareness of good security practices.
- Respond to security incidents and coordinate corrective actions.
- Work closely with the IT, R&D and operations teams to integrate security requirements into projects.
- Run the Information Security Management System (ISMS).
- Identify security risks and lead the associated action plan with the IT department.
Profile sought
With a degree in computer science, information security or a related field, you have at least 5 years of experience in cybersecurity and regulatory compliance, gained in a company or a consulting firm.
Security certifications (CISSP, CISM, ISO 27001 Lead Auditor…) are a valued asset.
Fluency in French and English, both spoken and written, is required.
Information Security Analyst, Security Audit
Today
Job description
The Information Security Team establishes and manages Essity Group's information security on behalf of our Chief Digital & Information Officer. The governance and management of security is executed through the Essity Information Security Management System (ISMS).
We are looking for an Information Security Analyst with a strong interest in Security Culture and Awareness, and a proactive mindset to drive improvements within their areas of responsibility. This role is part of Essity's Information Security Team and contributes to the company's global Information Security Management Process (ISMP).
An Information Security Analyst has a broad responsibility to cover tasks in all parts of the company's Information Security Management Process (ISMP).
The geographical scope is global. The position is preferably in Gothenburg, but other Essity offices in Europe can be discussed.
Main Responsibilities:
Information Security Auditing:
You will lead, conduct, and follow up on audits of global IT services and applications, partly on behalf of Essity's Internal Audit function. These audits are part of a well-established internal audit program and will involve limited travel, primarily within Europe.
Security Awareness & Culture:
You will coordinate and actively contribute to our global security awareness initiatives. This includes planning, executing, and aligning awareness activities across the Information Security Teams to foster a strong security culture throughout the organization.
Continuous Improvements:
You will play an active role in driving improvements within your area, contributing to the development of efficient and effective security programs and processes that support our strategic goals.
Key Responsibilities
- Conduct internal audits of IT services, monitor compliance with security standards, and follow up on remediation activities.
- Drive security awareness across the organization by leading initiatives, managing awareness platforms, and acting as a trusted advisor to foster a strong security culture.
- Plan and prioritize annual security services, make decisions based on standards and risk exposure, and report on security posture to IT management.
- Maintain security documentation, monitor emerging threats and technologies, and handle security-related requests.
Experience and Qualification:
We're seeking a candidate with a foundation in information security, including experience in auditing, risk management, compliance and awareness. You should be confident making risk-based decisions and have hands-on knowledge across key security domains such as endpoint, identity, network, and cloud. Familiarity with detection, response, and recovery processes, including disaster recovery planning.
Strong communication skills are essential, along with the ability to explain security concepts clearly to both technical and non-technical audiences. You take a pedagogical approach to raising awareness and motivating employees to maintain a security-conscious mindset.
You're organized, reliable, and experienced in documenting and presenting information effectively. A self-driven team player with a positive attitude, you know how to deliver results and foster a strong security culture across the organization.
Education:
- A bachelor's degree in computer science, Information Technology, or a related field.
- Professional security certifications such as CISA or CISSP are meritorious.
Work Experience
- 3 years of relevant work experience
Application
Does it sound interesting to you? Please send in your application to us in English via our website at your earliest convenience but not later than deadline. We may conduct background checks in the final stages of the recruitment process to verify your qualifications and fit for the role.
What We Can Offer You
Our purpose, Breaking Barriers to Well-being, provides meaning to everything we do. Working at Essity means a chance to improve well-being for people and opportunities to drive positive change for the society and the environment. As an employee at Essity, you will belong to an organization where you feel valued and supported to grow and challenged to generate business results in a collaborative and open atmosphere. Innovate for Good | Excel Together | Be You with Us
Application End Date:
01 Oct. 2025
Job Requisition ID:
Essity
Information Security Officer H/F
Today
Job description
Within the "Information Security Coordination and Steering" department and reporting to the Chief Information Security Officer, your duties will be to:
- Advise and give security opinions to business units and project owners on risk analyses, contracts and security assurance plans, in particular on AI projects.
- Take part in communication/awareness operations
- Lead projects to secure the company
But also
Take part in the team's operational tasks: handling the mailbox for security alerts reported by customers and employees, exemption requests…
Contribute to assessing the company's security level and propose the necessary measures to your manager (Chief Information Security Officer - CISO) and to the business units
Make the Group's requirements known and help adapt them, where needed, to the company's context
Profile sought:
Experience in IT or IT security (about 5 years)
Skills sought:
Knowledge of the risk analysis method for an IT project
Ability to advise a business unit on securing its activities
Good analytical and summarizing skills, good writing skills
Project management, cross-functional work
Good interpersonal skills, team spirit, perseverance, autonomy, dynamism.
IT tools:
Knowledge of audit methodologies and of Group or non-Group security norms and standards (MESARI, ISO 27000 family standards, eIDAS, etc.)
Knowledge of security architectures/infrastructure: DMZ, security enclaves, network segmentation, filtering (IP, application) …
Knowledge of security solutions: authentication methods, access rights, anti-virus, redundancy, encryption (TLS, VPN, symmetric and asymmetric encryption), signature, conditions for the admissibility of evidence
Curiosity about new technologies and the risks they bring: AI, IoT, biometrics, "contactless" technology, as well as new services offered over the internet: social networks, cloud, electronic signature…
Information Security Senior Specialist, Policy
Today
Job description
Ipswich, UK or Paris, France
AXA XL is an Equal Opportunity Employer.
The Policy and Standards Specialist is an expanding role and entails managing and communicating the changes to the AXA XL Information Security Policy (ISP) and supporting Standards, for the reference and benefit of all employees and contractors.
What you'll be doing
What will your essential responsibilities include?
Responsibilities
The specialist will work under the responsibility of The Head of IS Services & Risk Management and will report to the Security Policy & Standards Lead. The responsibilities will include the following:
- You must have an established IT background and good understanding of IT and Security technologies
- Translating technical jargon and complex IT risks into business language is a must
- Maintaining the ISP and Standards, ensuring proposed changes are evaluated, writing additional Standards and Guidelines
- Capture updates from both AXA Group and AXA XL stakeholders
- Participate in the AXA Group Policy Working Group (PWG), make suggestions and provide feedback on proposed changes. Perform gap analysis of changes against AXA XL ISP and Standards, highlight differences and discuss with stakeholders to see what effort would be required to comply, if this is to be a BAU activity or project
- Prepare and present new and existing security policies and standards requiring change to the Information Security Steering Committee (ISSC) for discussion, answering questions and seeking approval
- Present Information Security Policy and Security Standards updates to the Security Committee (SecCom) including C-level participants.
- Maintain and improve the Policy and Standards Tracker, ensuring all changes are accurately recorded
- Provide formal feedback to AXA Group Security on changes agreed or rejected by AXA XL
- Ensure all IS documentation is reviewed at least annually, recording approved updates
- Use diverse sources to monitor emerging threats and technologies, perform gap analysis against the existing ISP and Standards and produce recommended updates for the ISSC to review
- Promote use of the ISP and Standards across AXA XL by collaborating with Internal Communications and other team leads as required
- Provide guidance in response to questions on ISP and Standards requirements
- Maintain and update the Policies and Standards page of the IS SharePoint site
What you'll bring
We're looking for someone who has these abilities and skills:
Required Skills And Abilities
- Hold an active ISC2 CISSP or ISACA CISM certification (Required)
- A good understanding of Cloud technologies (Preferred).
- Effective English written and verbal skills mandatory
- Proficient in writing security policies and security standards (Required)
- Expert analytical and reporting skills (Required)
- Expert in Microsoft Office (Word, Excel, PowerPoint, SharePoint) (Required)
- Ability to effectively communicate and positively influence diverse stakeholders and team members (Required)
- Excellent attention to detail and the ability to create clear, concise and engaging presentations (Required)
Desired Skills And Abilities
- Experience in global companies (Preferred)
- Experience in information security management reporting and related methodologies (Preferred)
- Experience in implementing ISO 27001/NIST/CSA (Preferred)
- Knowledge of Information Security and Information Technology in relation to application of Policies (Preferred)
What we offer
Inclusion
AXA XL is committed to equal employment opportunity and will consider applicants regardless of gender, sexual orientation, age, ethnicity and origins, marital status, religion, disability, or any other protected characteristic. At AXA XL, we know that an inclusive culture enables business growth and is critical to our success. That's why we have made a strategic commitment to attract, develop, advance and retain the most inclusive workforce possible, and create a culture where everyone can bring their full selves to work and reach their highest potential.
It's about helping one another — and our business — to move forward and succeed.
- Five Business Resource Groups focused on gender, LGBTQ+, ethnicity and origins, disability and inclusion with 20 Chapters around the globe.
- Robust support for Flexible Working Arrangements
- Enhanced family-friendly leave benefits
- Named to the Diversity Best Practices Index
- Signatory to the UK Women in Finance Charter
AXA XL is an Equal Opportunity Employer.
Total Rewards
AXA XL's Reward program is designed to take care of what matters most to you, covering the full picture of your health, wellbeing, lifestyle and financial security. It provides competitive compensation and personalized, inclusive benefits that evolve as you do.
We're committed to rewarding your contribution for the long term, so you can be your best self today and look forward to the future with confidence.
Sustainability
At AXA XL, Sustainability is integral to our business strategy. In an ever-changing world, AXA XL protects what matters most for our clients and communities. We know that sustainability is at the root of a more resilient future. Our Sustainability strategy, called "Roots of resilience", focuses on protecting natural ecosystems, addressing climate change, and embedding sustainable practices across our operations.
Our Pillars
- Valuing nature: How we impact nature affects how nature impacts us. Resilient ecosystems - the foundation of a sustainable planet and society - are essential to our future. We're committed to protecting and restoring nature - from mangrove forests to the bees in our backyard - by increasing biodiversity awareness and inspiring clients and colleagues to put nature at the heart of their plans.
- Addressing climate change: The effects of a changing climate are far-reaching and significant. Unpredictable weather, increasing temperatures, and rising sea levels cause both social inequalities and environmental disruption. We're building a net zero strategy, developing insurance products and services, and mobilizing to advance thought leadership and investment in societal-led solutions.
- Integrating ESG: All companies have a role to play in building a more resilient future. Incorporating ESG considerations into our internal processes and practices builds resilience from the roots of our business. We're training our colleagues, engaging our external partners, and evolving our sustainability governance and reporting.
- AXA Hearts in Action: We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as AXA XL's "Hearts in Action" programs. These include our Matching Gifts program, Volunteering Leave, and our annual volunteering day - the Global Day of Giving.
Who we are
AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don't just provide re/insurance, we reinvent it.
How? By combining a comprehensive and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business − property, casualty, professional, financial lines and specialty.
With an innovative and flexible approach to risk solutions, we partner with those who move the world forward.
CISO (Chief Information Security Officer) Holding
Today
Job description
CISO (Chief Information Security Officer) Holding LVMH
The Holding CISO is in charge of cybersecurity across the scope of the LVMH Group's holding company.
The mission
The Holding CISO reports to the Group CISO and relies on the cybersecurity services and solutions the Group provides to all its entities. The Holding CISO instantiates, adapts and deploys global cybersecurity policies, measures, solutions and services in the specific context of the Holding, taking into account the specifics of its activities, organization and information systems. The Holding CISO works closely with the Holding's CIO to adapt the cybersecurity posture to the Holding's specifics.
The Holding CISO's mission is to:
- Gather and analyze business stakes, and perform risk analyses across the Holding's scope.
- Identify key processes, assets and suppliers.
- Identify the regulatory or contractual requirements specific to the Holding.
- Translate Group security policies into the Holding's context and supplement them with specific policies, procedures and operating instructions as needed. Ensure these are communicated to all stakeholders.
- Monitor the implementation of security policies and regulatory requirements.
- Provide security approvals for the processes that require them. Manage exceptions by granting them appropriately, justifying them, documenting them and reviewing them regularly, in particular to remove temporary exceptions.
- Specify and coordinate technical and organizational security audits and reviews for processes, systems and applications.
- Verify compliance with internal and external policies using compliance dashboards and control plans. Ensure continuous assessment of security practices and systems, and define improvement plans.
- Define a multi-year cybersecurity roadmap that includes at least the Group's shared roadmap, supplemented by the Holding's additional specific needs. Monitor the implementation of the roadmap.
- Promote and communicate about cybersecurity to tech teams, business departments and senior management.
- Give security advice to business and support departments.
- Coordinate the integration of security by design into all new application or infrastructure projects. This integration takes place during the initial build phase, during operation and during major updates:
  - Identify security needs
  - Assess the security of solutions, third parties and architectures
  - Analyze risks and select appropriate controls to treat the identified risks
  - Contribute to the design and the security plan, and advise on the security of implementations
  - Conduct the necessary audits
- Coordinate the use of global cyber defense services and solutions for monitoring, detection and incident response.
- Lead the security incident management process: handle alerts, vulnerabilities and incidents, conduct investigations and take the necessary immediate measures, and track remediation by the various parties responsible.
- Run the crisis unit for significant incidents, with the help of the Group cyber defense team. Conduct a post-incident review of significant security incidents.
- Specify and oversee identity and access management processes, including privileged access management. Conduct account and access rights reviews.
- Help business units specify their cyber-resilience needs. Ensure that recovery plans are in place and tested.
- Build, organize, deliver or oversee training and awareness actions, including on the basis of the global content and services provided by LVMH.
Skills
With a higher-education engineering degree, ideally with a specialization in cybersecurity, the Holding CISO has around ten years of successful experience leading a cybersecurity activity.
They have technical expertise, master good practices, and know cybersecurity standards and regulations. They are able to develop and implement security policies, processes and procedures.
They have experience in identifying, assessing and managing cyber risks, as well as in putting risk mitigation measures and incident response plans in place. They are able to anticipate threats and develop proactive solutions.
They have project management skills to coordinate and oversee the implementation of cybersecurity measures. They put forward proposals and communicate well with project teams (project managers, architects and technical leaders).
They collaborate effectively with stakeholders in the various business departments and can explain security concepts in a way that non-technical stakeholders understand.
They have awareness and training skills that enable them to promote a security culture.
They have experience conducting security audits and can ensure that the organization's security practices comply with internal policies and regulatory requirements.
They are autonomous, pragmatic, methodical and rigorous. They stay calm and effective under pressure, particularly during crises or security incidents. They are committed to ethical standards and act with integrity.
Security & Vulnerability Management Expert
Today
Job description
About the job
Main missions
As Technical lead, you will
· Develop and adapt products vision and roadmap in collaboration with the product manager and by discussing with customer / end-users
· Contribute to the product backlog delivery, such as new feature and improvement, its delivery and its quality
· Manage and optimize on a day-to-day basis AXA global vulnerability management platform
· Lead major product and platform evolutions to support Security Operation Center (SOC) and Vulnerability Operation Center (VOC)
· Lead "proof-of-concept" and represent AXA as a leading business partner with our third parties/vendor
· Help evaluate business value and benefits of technical features
· Determine whether a technical backlog item was satisfactorily delivered
· Contribute to the day-to-day LOA (run) activities, leading by example
· Ensure a high level of Quality-of-service (QoS) for AXA internal customers
· Be a leader for the team and for AXA in terms of expertise on the product technology and IS security process, aka Vulnerability management
· Ensure transparency into the upcoming work of the team
· Involve all relevant stakeholders (architecture, entities, security, data privacy etc.) to ensure technical feasibility
· Coordinate internal resources and third parties/vendors for the flawless execution of projects
· Raise alerts and identify solutions to ensure on-time delivery
· Evangelize within and outside AXA about the solutions you develop and market them accordingly
· Regular reporting of progress, risks, and issues towards the product manager and other stakeholders
· Participate in Product governance and meetups
Expected skills & experience
We are looking for someone with the following experience and skills:
Experience
· Hands-on experience with vulnerability management tools (e.g. Kenna, Tenable, Qualys, Vulcan, Hackuity etc.)
· Experience in implementing Hardening controls based on Security Industry Standards, such as CIS Benchmarks.
· Experience in Private and Public Cloud Security
· Understanding of Workload Protection, including Servers, Workstation, Containers
· Experience using an ITSM tool such as ServiceNow
· Strong fundamentals in networking protocols and troubleshooting
· Knowledge of hacking techniques, cyber threats and security trends
Education
· Post-graduate degree in IT or a closely-related subject to IS Security.
Certification
· A certification in relation with Vulnerability Management is highly desired
· ISC² CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional)
Overall work experience in the fields
· Experience in Security > 3 years (required)
· Experience in Security product day-to-day management (required)
Skills
· Work on maturing vulnerability management & Compliance program services and processes
· Develop and improve KPIs, metrics, and trend analysis for vulnerability management features
· Take part in the implementation and operational best practices while taking ownership of tasks and/or project workstreams
· PowerShell and Python scripting skills
· Analytical thinking, time management and coordination skills
Language
· Fluency in English is a necessity (including technical Information security English)