Compliance Lead

AXA

Paris

On-site

EUR 50 000 - 90 000

Full-time

30+ days ago

Job summary

Join an innovative company as IT Compliance and Risk Lead. In this role, you will be at the heart of the digital transformation, developing and implementing compliance and risk management strategies. You will work with internal and external stakeholders to identify and mitigate potential risks while ensuring compliance with a complex regulatory framework. This position offers you the opportunity to contribute to a dynamic work environment where your expertise in information security and risk management will be essential in shaping the company's future in a constantly evolving sector. If you are passionate about technology and security, this opportunity is for you.

Qualifications

  • 6+ years of experience in a similar position in insurance or a highly regulated environment.
  • University degree, ideally in computer science, information security or a related field.

Responsibilities

  • Monitor and manage IT systems to ensure they are secure.
  • Identify regulatory and non-regulatory IT risks through ongoing assessments.

Knowledge

Risk management
Knowledge of regulations
Interpersonal skills
Written and verbal communication
Problem solving

Education

University degree in computer science
Degree in information security

Tools

Risk management tools
Security control systems

Job description

IT Compliance and Risk Lead

Whatever their stage of life, we provide over 108 million customers with the products and services they need to progress. From insurance to personal protection, and savings to wealth management, no matter the need we’re always there for them. And we’re always there for our employees. In 50 countries, we work hard to inspire pride and a sense of belonging in our people. To provide opportunities that challenge them, inspire them, and reward them. And to create a culture that’s open, supportive, and empowering. Because we know that’s the real secret to success – and the best way for us to keep building a better world for both our customers and the talented people who put them first.

Your work environment:

The division

  • Group CIO creates the link between technology and business strategy and priorities, defines the technology operating model for AXA, sets global and local architecture, applications, and infrastructure standards, and leads the definition and execution of global technology strategy and technology lifecycle to enable innovation and business growth.
  • Within the Group, you will join the AXA GO CIO department. The IT Department aims to drive the digital transformation of the GIE (local and corporate functions), promoting and deploying innovative IT solutions aligned with the Group's strategy. The department serves as a true partner to the business functions, providing support and guidance.
  • Within this Department, you will be part of the Governance & Performance team, in charge of the operational and strategic management of IT services, global programs, finance, workforce, Governance, Risk, and compliance.

Your job and daily missions:

You will work closely with the Head of Governance and Compliance to secure information and to create and implement strategies that minimize the variety of risks that could threaten key information. Moreover, you’ll partner with the business to continually assess and identify potential risks, evaluating them to ensure that they are appropriately mitigated through properly implemented policies, procedures, training, systems, and controls.

CONTEXT AND MAJOR CHALLENGES

The insurance sector is subject to a complex and constantly evolving regulatory framework, including regulations such as the Digital Operational Resilience Act (DORA). At the same time, the rapid development of digital technologies and the rise of cyber threats have increased the complexity of risks facing companies.

In this context, the IT Compliance and Risk Lead must be able to meet these challenges by developing and implementing compliance and IT risk monitoring strategies adapted to this complex regulatory environment and constantly evolving cyber threats. They must be capable of maintaining constant regulatory and technological monitoring, collaborating with internal and external stakeholders, and advocating for innovative security practices and tools to mitigate risks and ensure compliance with regulatory requirements.

Key Accountabilities:

  • Monitoring and managing the IT systems to ensure that they are secure.
  • Ensuring that the IT control framework for the activities under the CIO's responsibilities is aligned to the global framework when relevant, and undertaking the risk reviews.
  • Identifying potential regulatory and non-regulatory IT risks through thorough and ongoing risk assessments with relevant business leads.
  • Assisting in finding practical and cost-effective solutions on risk issues.
  • Building and maintaining strong and positive working relationships and effective means of communication with other GIE departments (CSO, DPO, Information Risk Management…) and AXA GO.
  • Providing direction and guidance in the development, implementation, and communication of risk-related policies and standards.
  • Working in relation and conformity with internal and external auditors.
  • Providing guidance to employees, colleagues, and/or governance stakeholders.
  • Providing aggregated risk and controls supervision, measurement, and reporting activities.
  • Actively engaging in end-to-end risk remediation planning, resolution, and monitoring activities.
  • Monitoring key milestones, escalation of past due activities, problem triage and management, and archiving key monthly artifacts for audit purposes.
  • Developing ongoing technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness.
  • Leading the IT Business Process Improvement and contributing to the review of internal processes and activities and identifying potential opportunities for improvement.
  • Adhering to, advising on, overseeing, monitoring, and enforcing enterprise frameworks and methodologies that relate to technology controls. Influencing behavior to reduce risk and foster a strong technology risk management culture throughout GIE AXA.

Your Profile:

What you’ll need to succeed in this role:

  • At least 6 years of professional working experience in a similar position in Insurance or banking (or in a highly regulated environment).
  • A university degree ideally in the fields of information technology, computer science, information security, or a related field.
  • Be familiar with applicable insurance regulations and how they impact the IT department.
  • Strong interpersonal skills and the ability to develop effective trustworthy relationships with the business stakeholders and GIE SMEs (CSO, DPO…).
  • Staying aware of Information Security current affairs, business continuity, data management, security and encryption, and vulnerability analysis and audit.
  • Excellent communication skills, both written and verbal, to be able to articulate complex IT risks in simple business terms.
  • Excellent problem-solving and self-management skills to solve technical problems tactically and analytically and successfully handle management information and metrics design, collection, analysis, reports, etc.
  • Advanced knowledge of organization, technology controls, security, and risk issues.
  • Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.
  • Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, and outside vendors.
  • An audit or controls background and Big Four experience are a plus.
  • Experience with Key Risk Indicators and Technology Risk reporting is a plus. A recognized certification in Information Security, such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or CRISC, is a plus.