Information Security Lead
Job Description
Key Responsibilities & Accountabilities • Ensure SDLC, Business Change and IT change management processes mature to deliver mandatory cyber and
information security outcomes.
• Develop and maintain AXA's Security Risk Process including - assessing potential business impact that could
result from a security breach, and the resultant value of the security of information ; Identifying security
weaknesses and vulnerabilities; Modelling security threat scenarios; Assessing the likelihood of such threat
scenarios; Assessing the overall risk level and identifying and recommending appropriate controls to manage
the risk.
• Conduct Technical Analysis, modelling threat scenarios in order to update the Risk Process, focusing on
identifying new information and cyber security threats arising from new and changed IT systems and
applications.
• Conduct Risk Analysis of systems and infrastructures under development, by assisting the relevant business
and IT parties in the application of the Risk Process ; in particular, liaise with these groups to ensure early
involvement of the Risk Process in new developments.
• Conduct Risk Analysis of existing systems, by review of current security status from existing IT and external
Audit records and by review, consolidation and resolution of outstanding Information and Cyber security risk
acceptances or non-compliance.
• Provide Cybersecurity architecture best practices and Cybersecurity requirements in the other fields
• Design, support the implementation and control the Cybersecurity of architectures
• Ensure the Cybersecurity of AXA’s critical systems (e.g. platform, solution, service)
• Perform Cybersecurity watch
• Upon request, provide assistance on other critical topics (e.g. incidents, vulnerabilities) Accountability
• Provide Cybersecurity architecture best practices and Cybersecurity requirements in the other fields
• Design, support the implementation and control the Cybersecurity of architectures
• Determine Cybersecurity requirements in a way to fulfill business objectives and AXA Cybersecurity
requirements
• Plan, research and design robust Cybersecurity architectures
• Including full product or information management covering the full lifecycle, Including DRP (Disaster
Recovery Plan), log management, potential integration issues and cost constraints, when applicable
• Anticipate possible Cybersecurity risks, identify areas of weakness, and respond effectively to possible
Cybersecurity breaches
• Remain up to date with the latest Cybersecurity systems, standards, authentication protocols, Cybersecurity
solutions, software/component vulnerabilities and threats
• Design, support the implementation and control the Cybersecurity of architectures
• Acquire a deep understanding of technology (Information Systems and/or Industrial Control Systems)
• Depending on the project, design concept / software / components/ infrastructure / Cloud based Cybersecurity
architectures
• Control that the Cybersecurity requirements are fulfilled during all the phases of the BCP (Business Continuity
Plan) and DRP (Disaster Recovery Plan) when applicable
• Follow the critical systems (platform, solution, service) during their whole life cycle.
• Ensure Cybersecurity has been taken into account in the RFIs/RFQs/RFPs (Request For
Information/Quotation/Proposal)▪ Advise on the architecture
▪ Write/validate the Cybersecurity requirements
▪ Advise on possible evolutions. Propose/contribute to a roadmap for improvement.
▪ Advise on the detailed architecture (e.g. review, reuse, change)
▪ Control the Cybersecurity requirements, Before the Go-Live and during the Run, whenever
contractual obligations require it
▪ Ability to Manage and perform AXA’s Penetration testing framework (annual Campaign, Go - live, Upon changes)
Skills
Education and Certifications: • Bachelor’s degree in computer science, Engineering, or related field.
• MSc Information Security would be desirable but is not essential.
• SABSA (Sherwood Applied Business Security Architecture)
• CISSP-ISSAP (Information Systems Security Architecture Professional)
• CISSP (Certified Information Systems Security Professional)
• CSSA (Certified SCADA Security Architect)
• OSCP (Offensive Security Certified Professional)
• CEH (Certified Ethical Hacker)
Qualifications:
Soft Skills & Behavioral Competencies:
• Extensive experience in Cybersecurity, in-depth knowledge of Cybersecurity strategies and architectures
• Extensive experience in Information Systems and/or Industrial Control Systems / IT risk management with a
focus on Cybersecurity, performance and reliability
• Solid understanding of Cybersecurity protocols, cryptography, authentication, authorization
• Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE
ATT&CK framework
• Penetration testing/ Purple Team / Threat Intelligence / Threat Hunting or similar background, or demonstrable
experience
• Experience in web / mobile and application development
• Experience implementing multi-factor authentication, single sign-on, identity management or related
technologies
• Ability to interact with a broad cross-section of personnel to explain and enforce Cybersecurity measures
• Excellent written and verbal communication as well as business acumen.
• Experience and strong knowledge in Cybersecurity
• Knowledge of risk assessment models
• Knowledge of auditing and reporting procedures
• Ability to implement risk monitoring and testing procedures
• Ability to build relationships with key stakeholders
• Ability to understand broader business issues
• Strong communication and presentation skills
Job Location Cairo, Egypt Job Role Information Technology Years of Experience Min: 6 Max: 8
