IT Risk Advisory Expert (F/M)

Job summary
Permanent contract
Salary: Not specified
A few days at home
Experience: > 5 years
Skills & expertise
Generated content
Cybersecurity knowledge
Project management
Technical aptitude
Critical thinking
Motivational skills


Interested in this job?

Questions and answers about the job

The position

Job description

Whatever their stage of life, we provide over 108 million customers with the products and services they need to progress. From insurance to personal protection, and savings to wealth management, no matter the need we’re always there for them. And we’re always there for our employees. In 50 countries, we work hard to inspire pride and a sense of belonging in our people. To provide opportunities that challenge them, inspire them, and reward them. And to create a culture that’s open, supportive, and empowering. Because we know that’s the real secret to success – and the best way for us to keep building a better world for both our customers and the talented people who put them first.

Your work environment

The headquarters of the AXA Group (GIE AXA) brings together our corporate activities. It provides guidance and support to subsidiaries around the world, to ensure the coordination and monitoring of the Group's global strategy, the application of its standards, the consistency of commercial approaches and the sharing of best practices. The headquarters gathers approximately 1000 employees and is distinguished by its strong international culture (45 nationalities), which makes it a rich and stimulating place to work.

Management Presentation

In the context of growing cybersecurity threats and global information risks, regulators require AXA to maintain a solid second line of defense to ensure overall risks are adequately managed and that risk appetite is mastered in that respect. Although protection of information is a shared responsibility of all AXA entities (including all AXA employees, agents, and advisors), GRM has set a specific department to guide and control AXA in this effort. Group Information Risk Management (GIRM) is responsible for leading the enterprise's approach for managing existing and emerging risks associated with the stewardship of AXA information[1].

The Information Risk Advisory team’s main objective is to ensure that the Group Chief Risk Officer (CRO) and the Chief Risk Officer in every entity has the means to effectively oversee Information Risk and that they can present a second opinion on key decisions.

We achieve this through documented reviews of projects, initiatives, and key risks; through participation to executive committees; by partnering with Technology and Security teams and by advising and training CRO teams.

As our remit covers information risks at group level, we are required to develop and maintain expertise in risk and control about technology, security and data processes. In a typical week we could be working on subjects as diverse as designing A.I. risk framework, giving an opinion on Group Security project strategic priorities and providing training to CRO teams on Blockchain.

Main purpose

In that context, the INFORMATION RISK ADVISORY EXPERT oversees a portfolio of “second opinion” reviews on Information risks, independently conducting studies and following-up the remediation actions. He/she will provide an opinion on adherence to the risk & control framework operated by 1st line of defense, both at a Group level or in specific entities as per plan and oversees its effective remediation to reduce the residual risk exposure. 

The team draws on a wide range of expertise thanks to the diversity of its member’s backgrounds. The EXPERT will contribute to this with proven experience in the security domain, and an understanding of risk management. Experiences in Corporate governance, regulatory compliance and project management are beneficial. He/She will provide advice to executive officers and produce professional reports for executive committees and among senior business deciders.

The EXPERT will work closely with the GIRM “Framework & Report” team to improve entities risk management capabilities, to feed our risk models and to build relationships with stakeholders across the Group. He/She acts as a real team player and a role model in AXA values: courage and ONE AXA.

Main activities

  •  Manage second opinion process: lead and perform second opinion reviews:
    • Define the second opinion review scope;
    • Analyze projects, activities, organizations and processes to identify risks;
    • Conduct interviews of the main stakeholders;
    • Define a verification program to assess effectiveness of controls and risk coverage;
    • Write second opinion reports highlighting concerns and providing requirements and recommendations;
    • Present the outcome of the reviews to senior management; and
    • Follow-up of the remediation actions for the concerns raised in the second opinions (recommendations and/or requirements).
  •  As an expert, convince operational management and risk management executives by sharing his/her opinion and its arguments / evidence on risks, issues and projects through assurance or specific governance.
  • As an influencer and advisor, assist entities in implementing a local second opinion process; and
  • As a Group Risk Management team member, contribute to maintain the Group internal control framework on Technology, Data Management and Procurement macro-processes and to animate the Information Risk Management Community:
    • Provide support and assistance to business and entities for the Information risk and vendor risk frameworks, controls and reporting activities.
    • Provide an active support in animating the Information risk worldwide community through sharing best practices and technological developments.

[1] Information Risk is the risk that AXA’s information or information systems fail to deliver the expected value to the organization, impacting business objectives or creating unacceptable operational loss. It includes any data systems, networks, and the supporting resources (incl. budget, people, premises, security) that process it.

Vous rejoignez une entreprise :

-    Responsable, vis-à-vis des personnes, y compris ses employés et ses clients, et de la planète. -    Aux valeurs fortes-    Qui encourage la mobilité interne, et la formation de ses employés-    Qui vous offre de nombreux avantages (en savoir plus ici : Reward & Benefits - french | AXA Group)-    Flexible, qui permet le travail hybride, au bureau et à la maison.

Les informations fournies par les candidat(e)s seront traitées de manière strictement confidentielle et utilisées uniquement à des fins de recrutement.

Preferred experience


  • Bachelor or master’s degree in Risk Management, Technology or Information systems/security.
  • Minimum of 5 years’ work experience with information systems, preferably in Financial Services industry.
  • Experience in risk assessments or auditing
  • Relevant industry recognized certification.

Technical and professional skills

  • Passionate about technology and disruption trends in a digital world
  • Expertise in Information Security
  • Expertise in Technology/security Frameworks such as ITIL, ISO 2700x, COBIT, NIST, ISF, etc.
  • Understanding of information risk, vendor risk and operational risk management and controls.
  • Understanding of Financial services industry regulatory frameworks
  • Expert critical thinking and analytical skills
  • Constructive challenging ability in a collaborative environment.
  • Strong organizational skills and demonstrates high reliability, quality and timeliness of deliverables
  • Ability to work in and contribute to a team-oriented and collaborative environment.

Communication skills

  • Strong communication, negotiation and presentation skills
  • Proficient writing and delivery of presentations, documentation for executive audiences
  • Ability to interact with senior management and multiple stakeholders
  • Ability to work within an international and multicultural environment
  • Ability to elicit cooperation from a wide variety of sources, including Group and subsidiaries’ management, business experts
  • Fluent in English

 Managerial skills

  • Project management or assignment management skills are required.


Want to know more?

These job openings might interest you!

These companies are also recruiting for the position of “Risk Management and Compliance”.