Information Security - Senior Lead – Security Culture Change
Ipswich, UK
The Senior Lead - Security Culture Change (SL) is a new role that is required to help deliver security culture change at AXA XL. We have embarked on a multi-year program to elevate security awareness and bring about security culture change to throughout our business. We have developed our program and are now looking for someone that has brought about large-scale culture change to drive this forward to the next stage of evolution. Effective communication skills are a must as the candidate will be supporting colleagues globally and dealing with senior stakeholders.
DISCOVERyour opportunity
Responsibilities
The SL work under the responsibility of the Head of IS Services and Risk Management and will report to the Security Awareness Program Lead. This is a hands-on role where the PM will be expected to work in a relatively small team of experts. The responsibilities of the role will include the following:
- Develop detailed project plans to deliver the outcomes based on the high-level plans.
- There are 6 initiatives that will commence in 2024:
- Roll out surveys to poll new and existing colleagues’ security awareness proficiency and security culture index score.
- Develop and rollout security awareness challenge to raise money for charity.
- Design and develop targeted awareness training of high-risk areas of the business.
- Implement a security non-compliance tool in the form of a time since last incident clock.
- Implement a network of business and IT colleagues that will act as Security Champions across AXA XL. Establish the governance and drive the initiative forward.
- Develop and deliver microlearning utilizing agile communication technologies.
- Participate in assessment of different business lines security risks to develop training plans and educate colleagues.
- Develop security guidelines crafted in a manner that is accessible to people with varying levels of technical experience.
- Understanding of different methods used to train colleagues, campaigns, phishing, gamification.
- Effective understanding of Phishing, Smishing, Social Engineering and other common methods that are used by cyber-criminals to prey on employees.
- The ability to communicate with senior management and senior security staff.
- The ability to lead one-on-one or smalls group session with colleagues to teach them about security threats and how to follow company security awareness standards.
SHARE your talent
We’re looking for someone who has these abilities and skills:
- Ability to navigate dealing with many different sets of security questions
- A cordial attitude to assisting colleagues and education them about potential threats
- Ability to effectively work with and contribute to a close-knit team while also being a self-starter are critical to success
- Ability to prioritize among competing priorities
- Experience of implementing large scale security culture change.
- Organizational skills and the ability to manage multiple reviews and tasks at the same time are essential
- Research and development skills in all areas of information security is essential. A detailed understanding of CISSP CBK, ISO 27001/2:2013 and associated Global Data Regulations is a plus
- Understanding the security impact and implementation of the triad (Confidentiality, Integrity, and Availability) on company networks and the appropriate risk model to present to business management.
- Ability to communicate with upper management/executive level, lawyers, Information security and non-it colleagues as well as Third party contacts is a must.
- Multiple languages a plus – English plus German, French or Spanish etc.
- Excellent technical writing skills
- Information Security or IT background is helpful along with other related practical experience which should include a working knowledge of some if not all of the following security services and tools:
- CISSP Domains and knowledgebase
- ISO 27000 suite of standards
- Ethical hack/penetration tests
- Firewall technologies
- Cloud security
- Access control
- Encryption in Transit and Rest
- Microsoft Azure, Microsoft Office, Microsoft Information Protection and Microsoft DLP
FIND your future
AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don’t just provide re/insurance, we reinvent it.
How? By combining a comprehensive and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business − property, casualty, professional, financial lines and specialty.
With an innovative and flexible approach to risk solutions, we partner with those who move the world forward.
Learn more at axaxl.com
Inclusion & Diversity
AXA XL is committed to equal employment opportunity and will consider applicants regardless of gender, sexual orientation, age, ethnicity and origins, marital status, religion, disability, or any other protected characteristic.
At AXA XL, we know that an inclusive culture and a diverse workforce enable business growth and are critical to our success. That’s why we have made a strategic commitment to attract, develop, advance and retain the most diverse workforce possible, and create an inclusive culture where everyone can bring their full selves to work and can reach their highest potential.
It’s about helping one another — and our business — to move forward and succeed.
- Five Business Resource Groups focused on gender, LGBTQ+, ethnicity and origins, disability and inclusion with 20 Chapters around the globe
- Robust support for Flexible Working Arrangements
- Enhanced family friendly leave benefits
- Named to the Diversity Best Practices Index
- Signatory to the UK Women in Finance Charter
Learn more at axaxl.com/about-us/inclusion-and-diversity . AXA XL is an Equal Opportunity Employer.
Sustainability
At AXA XL, Sustainability is integral to our business strategy. In an ever-changing world, AXA XL protects what matters most for our clients and communities. We know that sustainability is at the root of a more resilient future. Our 2023-26 Sustainability strategy, called “Roots of resilience”, focuses on protecting natural ecosystems, addressing climate change, and embedding sustainable practices across our operations.
Our Pillars
- Valuing nature: How we impact nature affects how nature impacts us. Resilient ecosystems - the foundation of a sustainable planet and society – are essential to our future. We’re committed to protecting and restoring nature – from mangrove forests to the bees in our backyard – by increasing biodiversity awareness and inspiring clients and colleagues to put nature at the heart of their plans.
- Addressing climate change: The effects of a changing climate are far reaching and significant. Unpredictable weather, increasing temperatures, and rising sea levels cause both social inequalities and environmental disruption. We're building a net zero strategy, developing insurance products and services, and mobilizing to advance thought leadership and investment in societal-led solutions.
- Integrating ESG: All companies have a role to play in building a more resilient future. Incorporating ESG considerations into our internal processes and practices builds resilience from the roots of our business. We’re training our colleagues, engaging our external partners, and evolving our sustainability governance and reporting.
- AXA Hearts in Action : We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as AXA XL’s “Hearts in Action” programs. These include our Matching Gifts program, Volunteering Leave, and our annual volunteering day – the Global Day of Giving.
For more information, please see axaxl.com/sustainability
Flexible Work Eligible
None
AXA XL is an Equal Opportunity Employer.
Location
GB-GB-Ipswich
Job Field
Information Technology
Schedule
Full-time
Job Type
Standard