This position is no longer available.

Information Risk Programs Manager

Permanent contract
Puteaux
A few days at home
Salary: Not specified
Experience: > 10 years

AXA

The position

Job description

Whatever their stage of life, we provide over 108 million customers with the products and services they need to progress. From insurance to personal protection, and savings to wealth management, no matter the need we’re always there for them. And we’re always there for our employees. In 50 countries, we work hard to inspire pride and a sense of belonging in our people. To provide opportunities that challenge them, inspire them, and reward them. And to create a culture that’s open, supportive, and empowering. Because we know that’s the real secret to success – and the best way for us to keep building a better world for both our customers and the talented people who put them first.

Your work environment:

The headquarters of the AXA Group (GIE AXA) brings together our corporate activities. It provides guidance and support to subsidiaries around the world, to ensure the coordination and monitoring of the Group's global strategy, the application of its standards, the consistency of commercial approaches and the sharing of best practices. The headquarters gathers approximately 1000 employees and is distinguished by its strong international culture (45 nationalities), which makes it a rich and stimulating place to work.

YOUR TEAM

Within the Group, you will be part of the Group Risk Management department and join the Group Information Risk Management team reporting to the Head of the department.

In the context of growing cybersecurity threats and global information risks, regulators require AXA to have a solid second line of defense to ensure that overall risks are adequately managed and that risk appetite is kept under control. Although protection of information is a shared responsibility of all AXA entities, including all AXA employees, agents, and advisors, GRM has set up a specific department to guide and control AXA in this effort: Group Information Risk Management (GIRM) is responsible for leading the enterprise's approach to managing existing and emerging risks associated with the stewardship of AXA information. The “Information Risk Framework, Program Management and Reporting” team oversees the risk management processes end to end (from identification to mitigation and monitoring): by setting and running an Information Risk Management framework, it defines and challenges the expected level of controls to be implemented by the AXA entities, and it regularly reports to the Group stakeholders on the level of residual risks from the ground, to generate, drive and follow up on good risk-based decisions. In addition, when a financial institution relies upon third parties to provide operational services, it also relies on those service providers to have sufficient recovery capabilities for the specific services they perform on its behalf: effective vendor risk management therefore helps to identify, measure, monitor, and mitigate the risks associated with outsourcing.

YOUR JOB AND DAILY MISSIONS

  • With the Digital Operational Resilience Act (DORA) as a key driver, you will reinforce, maintain and improve the existing Information Risk Framework, ensuring that it properly integrates the requirements of the new global Information and Communication Technologies (ICT) risk management framework, as part of the DORA regulation.
    • Drive its implementation and maintenance at corporate and entity level:
      • Ensure that the qualitative risk assessment campaign is performed at local level in respect of the Group Operational Risk guidance and analyze results at both local and global levels. 
      • Supervise the development and maintenance of the quantitative models on IT risks (cyber-attack, cloud outage, infrastructure failure, non-compliance with data privacy regulation…) in coordination with the Group Operational Risk team and other corporate stakeholders. Analyze the results of the quantitative models on IT risks at both entity and global levels.
      • Ensure quantitative models on IT risks are well implemented in alignment with Group guidance by doing Qualitative Assurance Reviews (QAR) of entities' models.
      • Contribute to ensuring that appropriate mitigation actions are defined at local level for the risks identified, according to the risk tolerance level for those risks.
      • Drive Strategic and Transversal projects for calculation of the Value at Risk reduction.
      • Refine and improve the Information incidents monitoring and the quality of service at corporate and entity level. As part of DORA regulation, coordinate the ICT incident reporting (workflow with Group COO teams, notification to supervisor in a timely manner, follow-up).
      • Develop, automate, and maintain the quarterly Key Risk Indicators Dashboard on Information Risks. Analyze the results of the entities' indicators to highlight key risks.
    • Develop, maintain, and analyze results of the Information Risk Appetite Framework (existing exposures and additional upcoming ones).
    • Develop, maintain and coordinate the annual ICT report at corporate center and entity level.
    • Oversee relevant Information Risk Management policies or instructions.
  • With third-party risk requiring further attention, you will develop and maintain the global vendor risk management framework in coordination with corporate stakeholders (i.e., Group Procurement and Group COO teams).
    • Ensure its implementation and maintenance at corporate center and entity level (incl. the third-party risk management strategy, as part of DORA requirement).
    • Oversee relevant Vendor Risk Management policies or instructions.
    • Ensure the adherence with the Internal Control Programme.
    • Animate and drive the Vendor Risk Management Community, ensuring information and decisions are shared.
    • Oversee the vendor registration process at both corporate center and entity level in coordination with Group Procurement team, as part of DORA regulation requirement.
  • Develop and maintain the Group Internal Control framework on Technology, Data Management and Procurement macro-processes and the integration of internal control into the Group and local business processes, on a risk-based approach:
    • Support its implementation and maintenance at corporate and entity level, and assist business and entities with the Information risk and vendor risk frameworks, controls and reporting activities.
  • Animate and drive the Information Risk Management Community, ensuring information and decisions are shared.
    • Provide support and assistance to business and entities on Information risk, ICT risk framework and vendor risk activities and controls.
    • Ensure risk issue escalation and management are defined, efficient and aligned with the AXA Group risk appetite framework.
    • Maintain an active and shared awareness of Information risk, ICT risk framework and vendor risk industry best practices and regulatory developments.

You will join a company:

  • That is responsible towards people, including its employees and customers, and towards the planet.
  • With strong values.
  • That encourages internal mobility and the training of its employees.
  • That offers you many benefits (learn more here: Reward & Benefits - french | AXA Group).
  • That is flexible, allowing hybrid work, at the office and at home.

The information provided by candidates will be treated as strictly confidential and used solely for recruitment purposes.


Preferred experience

Experience:

  • Bachelor’s degree minimum; Master’s degree preferably in IT systems,
  • Minimum of 10 years’ work experience, preferably in Financial Services industry, including risk management experience,
  • Experience as business analyst profile with ability to analyze data,
  • Knowledge of IT systems, processes and controls,
  • Experience in cooperating with relationships within a global company.

Technical and professional skills:

  • Understanding of information risk, vendor risk and operational risk management and controls,
  • Understanding of Financial services industry regulatory frameworks,
  • Understanding of Technology/Security Frameworks
  • Analytical skills,
  • Project management skills,
  • Constructive challenging ability in a collaborative environment.
  • Strong organizational skills and demonstrated high reliability, quality and timeliness of deliverables
  • Demonstrated leadership ability in a team-oriented and collaborative environment.
  • Ability to work well under pressure while completing timely, executive-level deliverables
  • Strong experience in managing relationships within a global company

Communication skills:

  • Superior communication and presentation skills
  • Ability to interact with multiple stakeholders
  • Ability to work within an international and multicultural environment
  • Ability to elicit cooperation from a wide variety of sources, including Group and subsidiaries’ points of contact, business experts
  • Fluent in English
  • Rigorous
  • Proactive
