IT Compliance and Risk lead

Whatever their stage of life, we provide over 108 million customers with the products and services they need to progress. From insurance to personal protection, and savings to wealth management, no matter the need we're always there for them. And we're always there for our employees. In 50 countries, we work hard to inspire pride and a sense of belonging in our people.
To provide opportunities that challenge them, inspire them, and reward them. And to create a culture that's open, supportive, and empowering. Because we know that's the real secret to success and the best way for us to keep building a better world for both our customers and the talented people who put them first.
Your work environment:

The division Group CIO creates the link between technology and business strategy and priorities, defines the technology operating model for AXA, sets global and local architecture, applications, and infrastructure standards, and leads the definition and execution of global technology strategy and technology lifecycle to enable innovation and business growth.

Within the Group, you will join the AXA GO CIO department. The IT Department aims to drive the digital transformation of the GIE (local and corporate functions), promoting and deploying innovative IT solutions aligned with the Group's strategy. The department serves as a true partner to the business functions, providing support and guidance.

Within this Department, you will be part of the Governance & Performance team, in charge of the operational and strategic management of IT services, global programs, finance, workforce, Governance, Risk and compliance.

Your job and daily missions:

You will work closely with the Head of Governance and Compliance to secure information, create, and implement strategies to minimize the variety of risks that could threaten the key information. Moreover, you'll partner with the business to continually assess and identify potential risks, evaluating them to ensure that they are appropriately mitigated through properly implemented policies, procedures, training, systems and controls.
CONTEXT AND MAJOR CHALLENGES

The insurance sector is subject to a complex and constantly evolving regulatory framework, including regulations such as the Digital Operational Resilience Act (DORA). At the same time, the rapid development of digital technologies and the rise of cyber threats have increased the complexity of risks facing companies.
In this context, the profile of the IT Compliance and Risk Lead must be able to meet these challenges by developing and implementing compliance and IT risk monitoring strategies adapted to this complex regulatory environment and constantly evolving cyber threats. They must be capable of maintaining constant regulatory and technological monitoring, collaborating with internal and external stakeholders, and advocating for innovative security practices and tools to mitigate risks and ensure compliance with regulatory requirements.
Key Accountabilities:

- Monitoring and managing the IT systems to ensure that they are secure.
- Ensure that IT control framework for the activities under the CIO responsibilities are aligned to the global framework when relevant and undertaking the risk reviews.
- Identifying potential regulatory and non-regulatory IT risks through thorough and ongoing risk assessments with relevant business leads.
- Assisting in finding practical and cost-effective solutions on risk issues.
- Building and maintaining strong and positive working relationships and effective means of communication with other GIE department (CSO, DPO, Information Risk Management…) and AXA GO.
- Providing direction and guidance in the development, implementation, and communication of risk related policies and standards.
- Working in relation and conformity with internal and external auditors.
- Providing guidance to employees, colleagues and/or governance stakeholder.
- Providing aggregated risk and controls supervision, measurement, and reporting activities.
- Actively engaging in end-to-end risk remediation planning, resolution, and monitoring activities.
- Monitoring key milestones, escalation of past due activities, problem triage and management, and archiving key monthly artifacts for audit purposes.
- Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness.
- Leading the IT Business Process Improvement and contribute to the review of internal processes and activities and identify potential opportunities for improvement.
- Adhere to, advise, oversee, monitor, and enforce enterprise frameworks and methodologies that relate to technology controls.
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout GIE AXA.

Your Profile:

What you'll need to succeed in this role:
- At least 6 years of professional working experience in a similar position in Insurance or banking (or in a highly regulated environment).
- A university degree ideally in the fields of information technology, computer science, information security or a related field.
- Be familiar with applicable insurance regulations and how they impact IT department.
- Strong interpersonal skills and the ability to develop effective trustworthy relationships with the business stakeholders and GIE SMEs (CSO, DPO…).
- Staying aware of Information Security current affairs, business continuity, data management, security and encryption, and vulnerability analysis and audit.
- Excellent communication skills, both written and verbal, to be able to articulate complex IT risks in simple business terms.
- Excellent problem solving and self-management skills to solve technical problems tactically and analytically and successfully handling management information and metrics design, collection, analysis, reports, etc.
- Advanced knowledge of organization, technology controls, security, and risk issues.
- Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.
- Ability to serve as a lead expert resource in technology controls and information security for project teams, the business and outside vendors.
- Audit or controls background, Big Four experience are a plus.
- Experience with Key Risk Indicators and Technology Risk reporting is a plus.
- Recognized certification in Information Security such as: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or CRISC are a plus.