Security & Governance (Audit, Risk) Delivery Lead
UK (London or Ipswich)
We invent the new to help the world move forward. Combining powerful analytics and deeper insights with bigger ideas and innovative solutions, we free up our clients’ potential, thereby fulfilling our own. Take it seriously. Make it fun. Know it matters.
DISCOVER your opportunity
What will your essential responsibilities include?
Line management responsibility for 7: 3 Security Analysts and 4 IT Risk, Audit, Governance Analysts
Security
Owns ‘BAU’ Security remediation, non-project, on behalf of Transversal Application Services
1. Owns and runs the Steering Group, owns the Working Group, assesses and prioritises incoming requests, assesses and reports on quality and security of code, prioritises and ensures execution of remediation according to InfoSec targets.
Owns MTSB (Minimum Technical Security Baseline) Controls on behalf of Transversal Application Services
2. Ensures compliance with the agreed score, set by the MTSB Control Committee, post project completion including process governance and resourcing.
Sets the direction for the Scanning tools to be used in conjunction with GT Security
3. Owns the relationship between Application Operations and Information Security and GT Security
4. Understands security drivers, builds a collaborative execution model, facilitates productive working relationships.
Security Champion for Transversal Application Services
5. Driving Security culture change within Transversal Application Services, embedding an effective security capability enabling consistency and advocacy within the teams
Production of regular reporting providing visibility into the Transversal Application Services teams of position against backlog/outstanding security remediation items
Develops and manages the process to enable the Transversal Application Services delivery teams to apply for funding for security related items.
Manages the team of 3 Security Analysts
Risk
Primary interface between Transversal Application Services & IT Risk & Governance – dotted line into Global Head of IT Risk & Governance
6. Building a consistent and understood single point of entry into Transversal Application Services from IT Risk & Governance, building consistent and repeatable information assets.
Risk Champion for Transversal Application Services
7. First line of defence co-ordination and control, assisting in setting the strategic direction for identification, governance and appetite of Risk
8. Owns the Risk response back to Internal Audit and IRM, tracks audit risk items through to closure ensuring adherence to agreed closure dates.
9. Detailed tracking of audit items, including slippage information, and reported out to Transversal Application Services/Application Delivery key stakeholders.
10. Second and Third Line of Defence co-ordination (including IRM)
Manages the Technology Obsolescence risk identification process and onward feed into the Software Obsolescence Program (SOP) for remediation.
11. Maintenance of data store in Abacus, extraction of data points to deliver insight into the largest obsolescence risks the organisation faces, delivering outcome into the SOP to achieve and be able to demonstrate overall risk reduction.
Owns the RAMP Management process on behalf of Transversal Application Services
12. Initial review of submitted RAMPs, ensuring RAMPs meet the data provision baseline as determined by Information Security Steering Committee, deputising at RRG Review meetings and the InfoSec Steering Committee
13. Responsible for the underlying JIRA (RAMP) system maintenance and development
14. Drives improvements to the RAMP management process as relates to Transversal Application Services, consistency in approach, visibility of position, identification of transversal risks etc.
Ensures visibility into Transversal Application Services of Risk related activities and associated deliverables.
15. Production of Dashboards, reporting, building a single source of truth for all Risk items
Manages the Senior Business Analyst aligned to Risk activity.
Audit
Owns and manages all Internal, External and Financial Control audits on behalf of Transversal Application Services
16. Owns, maintains and develops the relationship with Internal Audit, acting as the primary contact point for Transversal Application Services
17. Collation, and provision, of all supporting evidence gathered in from the Transversal Application Services functions.
18. Meets audit timelines ensuring no deficiencies.
19. Maintains a central repository of evidence including MAPs, Audit Findings and associated documents.
20. Produces Audit schedule, socialising with Application Delivery Leads/Application Managers for visibility and awareness.
21. Create/maintain an Audit tracker.
22. Produces regular reporting for distribution across Transversal Application Services to support visibility of audit compliance.
Governance
Manage engagement from App Operations Governance team into Application Delivery teams.
23. Ensures all relevant data (CMDB, IHEF, Escrow, Abacus etc.) is accurately maintained and updated for all applications/services owned and managed by the Application Delivery teams.
Manages vendor governance, working in collaboration with Operations Leads and Sourcing
24. Maintains up to date source of all contractual information as relates to vendor provided services, development, support, IDM services etc.
25. Develops and distributes service reporting templates to ensure productivity and effectiveness of vendor weekly/monthly reporting and service reviews.
26. Checks and validates vendor SLA measurements.
27. Attends monthly vendor governance reviews.
28. Provides support for SLA & KPI configuration in the Service Management tool (Silva currently)
Finance
29. Manage circa $ Application Security budget (non-project) including activities such as accruals, forecasting etc.
You will report to the Head of Application Operations with a dotted line into the Global Head of IT Risk & Governance
SHARE your talent
We’re looking for someone who has these abilities and skills:
30. Excellent presentation, communication (oral & written), and relationship building skills, across all levels of management
31. Established organizational skills with attention to detail and ability to handle change
32. Excellent problem solving and analysis skills
33. Must be able to work well under pressure and consistently meet deadlines
34. Ability to work as part of a team or to be self-directed as required
35. Practiced at working as part of a global team (including outsourcing) spanning multiple time zones
36. Understand cultural differences and be effective working in a diverse environment
37. Passion for learning and prepared to go the “extra mile”
38. You care about what you do, and what we do
FIND your future
AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don’t just provide re/insurance, we reinvent it.
How? By combining a comprehensive and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business − property, casualty, professional, financial lines and specialty.
With an innovative and flexible approach to risk solutions, we partner with those who move the world forward.
Inclusion & Diversity