Third Party Assurance Specialist – Information Security

Third Party Assurance Specialist – Information Security

At AXA XL we solve today’s complex risks to drive tomorrow’s innovation. We see our careers with AXA XL as a chance to unleash our potential globally. Cultivate expertise. Collaborate constantly. Analyze deeper. Dream bigger.

We are looking for an individual who has well-defined skills in technology and communication who will be a proactive contributor to the Third-Party Assurance Team and aid in upholding the AXA XL security policies and global Information security regulations through the execution of Third-Party Information Security Assessments. You will have a vested interest in learning the AXA XL’s Third-Party Assurance Team’s procedures and be a valued member of a global team.

DISCOVERyour opportunity

What will your essential responsibilities include?

Essential responsibilities:

·Ensure that AXA XL Third-Party Assurance standards are met for all Third Parties that are hosting or handling AXA XL data, and/or connecting to the AXA XL network.

·Possess a working knowledge of the sources in which AXA XL standards are derived: AXA XL’s Internal Information Security Policy, The New York State Department of Financial Services Cybersecurity Regulations (NYDFS), and Data Privacy laws (including GDPR).

·Assess each third party based on their individual situations and the risk that the data loss would pose to AXA XL or to AXA XL’s customers, including the type of data involved, the Third Party’s processing activities, the applicable jurisdiction, etc.

·Provide expertise and consultancy covering all aspects of AXA XL’s Information Security infrastructure and policies.

Third Party Assurance Team responsibilities:

·Engagement into the Information Security Review Team’s Third-Party Governance Business Partner Risk Evaluation Platform (BPREP) tool.

·Provide ongoing assistance and education to the Third Party throughout the BPREP process, including but not limited to:

oAttend meetings as needed to aid in the completion of the questionnaire, and address questions and concerns.

oCommunicate with Third Party in a timely proactive manner to meet internal workflow timelines.

·Perform evaluation to the answers and documentation provided by Third Parties to determine regulatory and internal policy compliance of proposed vendor’s network environments. Documentation may include but is not limited to the following:

oThird party Information Security policies.

oIndependent Control Assessment Report (SSAE18, ISAE3402, Cyber Essentials, etc.).

oThird party penetration test/ethical hack results.

oVulnerability scan results.

oOther control documentation and/or attestations.

·Knowledge of various internal tools and software to ensure the Confidentiality, Integrity and Availability of AXA XL data. Such tools may include but are not limited to; SAI BPREP application, Cyber Risk Analytics, Data Breach Calculator, TLS Checker

·Autonomy to develop and provide detailed assessments to Third Parties and business stakeholder identifying the potential deficiencies and mitigation steps required to be taken in order to meet the minimum AXA XL Security requirements.

Third Party Assurance Contract Negotiation responsibilities:

·Collaborate with Procurement, Legal, Data Privacy, Business Stakeholder(s), and/or other internal parties to assist in the successful and timely execution of new agreements, renewal agreements and/or amendments to existing agreements.

·Ensure proper AXA XL Security Language is present in relevant agreement.

·Discretion and ability to negotiate the language in accordance to the AXA XL Security requirements.

·Autonomy to manage the deficiencies found during the BREP review and determine mitigation actions in support of the AXA XL Risk Acknowledgement and Mitigation Plan (RAMP) filing process.

·Comply with the AXA Group vendor risk framework through the contract management solution ContractIn.

You will report to the Head of Third-Party Assurance Team.

SHARE your talent

We’re looking for someone who has these abilities and skills:

·Excellent communication skills, written and verbal

·Ability to manage process workflow, participant expectations, conflict resolution, and project management skills are critical to success.

·Confident and successful negotiator

·Ability to effectively work with and contribute to a close-knit team while also being a self-starter are critical to success.

·Organizational and time management skills and the ability to manage multiple reviews and tasks at the same time are essential.

·Ability to research, and further develop skills in applicable areas of Information Security is essential.

·Understanding the security impact and implementation of the triad (confidentiality, integrity, and availability) on data networks and the appropriate risk model to present to business management are key ingredients to this position.

·Information security or IT background is preferred and/or related practical experience, which could include a working knowledge of the following security services and tools:

oCISSP domains and knowledgebase

oISO 2700 suite of standards

oVulnerability scans/scanners

oEthical Hack/Penetration tests

oIntrusion Prevention Systems/Intrusion Detection Systems

oFirewall technologies

oCloud Security

oAccess Control

oEncryption

oSIEM

oData Loss Prevention

oMicrosoft Office

FIND your future

AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don’t just provide re/insurance, we reinvent it.

How? By combining a strong and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business − property, casualty, professional, financial lines and specialty.

With an innovative and flexible approach to risk solutions, we partner with those who move the world forward.

At AXA XL we are happy to talk flexible working. We are committed to building a diverse and inclusive workforce and consider flexible ways of working for every role. Talk to us about how we can make flexibility work for you.

Corporate Responsibility

At AXA XL our approach to corporate responsibility (CR) is the same as our approach to business; constantly seeking to provide innovative solutions to the world’s most complex problems. From offering our expertise, products and services to help build more resilient communities, to advancing understanding and response to climate change, our strategy – Our Impact. Our Future. – aligns key issues that are pertinent to our business – climate, water and financial resilience - and contributes to AXA Group’s purpose to “Act for human progress by protecting what matters.”.

·Climate: We’re reducing our carbon footprint, protecting ecosystems and exploring how our business can help build a better world.

·Water: We’re developing water resilience where it is — and will be — needed most.

·Financial resilience: We’re helping create opportunities for the unemployed and underemployed, so they can be better prepared for unexpected changes.

·Hearts in Action:We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as our “Hearts in Action” programs.

Diversity & Inclusion

At AXA XL, we know that an inclusive culture and a diverse workforce enable business growth and are critical to our success. That’s why we have made a strategic commitment to attract, develop, advance and retain the most diverse workforce possible, while creating an inclusive culture where everyone can bring their full selves to work and can reach their highest potential.

·Five Business Resource Groups focused on gender, LGBTQ+, race/ethnicity, disability and inclusion with 20 Chapters around the globe

·Robust support for Flexible Working Arrangements

·Enhanced family friendly leave benefits

·Named to the Diversity Best Practices Index

·Signatory to the UK Women in Finance Charter