Senior Specialist, Agile Security and Risk Management Assessment

Social network you want to login/join with:

Client: AXA Group

Location: Ipswich

Job Category: Other

EU work permit required: Yes

Job Reference: 1f588fc845ee

Job Views: 27

Posted: 12.08.2025

Expiry Date: 26.09.2025

Security Consultant – Project Risk Assessments

The Secure Project Lifecycle process has been established to perform risk assessments, ensuring security is considered as part of the design and throughout the project lifecycle. The SPL process governs projects within the Planview time recording and management system and those that are managed outside such as Move to the Cloud (MttC) programme.

The role will augment the Information Security team to perform risk assessments of projects, provide guidance, and acquire outcomes/decisions from the project manager, enterprise architect, technical architect, solutions architect, data privacy officer, project management office, strategic change development, IT Infrastructure and Operations, and penetration testers.

The specialist will work under the responsibility of the Head of IS Services and Risk Management and will report to the Secure Project Lifecycle Team Lead. Responsibilities include:

• Review submission of IS Criticality Assessment (ISCA) questionnaire (ISCA Dashboard)
• Determine high-level security requirements and project criticality based on standard project activities and data classification from DP pre-screening
• Work with assigned architect to ensure security requirements are finalized in design (High Level Design), review with Enterprise Architecture, Solutions Architecture, Cyber Security, and Cyber Assurance
• Review all security requirements and evidence provided by the project manager to support closure of each requirement, including:
• Review and feedback on ISCA questionnaire
• Review and feedback on High Level Design (HLD)
• Present at ISCA Project Technical Review
• Attend and obtain HLD sign-off at Technical Design Authority, Solutions Design Authority (SDA), and Data Intelligence and Analytics (DIA)
• Obtain Third Party Risk Evaluation Platform (TPREP) scorecard for TP SaaS solutions from Security Contracts team
• Obtain Minimum Technical Security Baseline compliance reporting from QualysGuard
• Obtain Cloud Permit from Enterprise Architecture
• Obtain Code Review and Analysis – in-house solutions only from SCD
• Self-serve vulnerability assessment compliance report of assets in scope
• Liaise with Cyber Assurance on penetration testing of solution and obtain sign-off
• Obtain Digital Hub registration for external-facing solutions from Cyber Assurance
• Produce Project Security Assessment closure report
• Perform a final review of all open security requirements and their status before any stage gate approval, ensuring AXA XL SDLC processes are followed
• Store all evidence in IS projects shared area
• Update the project register daily and update the Project Security Assessment (PSA) template as a record of activity. Submit PSA for sign-off to complete risk assessment
• Manage project RAG status, highlighting activities trending amber and red to management and the project manager
• Liaise with project manager to support the development of risk acceptance where needed
• Attend meetings with project manager, stakeholders, ISCA technical review, architectural design authorities, and pen testing reviews. Challenge non-compliant design decisions, escalate issues, and offer options for resolution

All deliverables are subject to internal quality assurance and peer reviews conducted by the Information Security team.

We’re looking for someone with these skills and abilities:

• Bachelor’s degree in computer science, Engineering, or related field with senior professional experience
• Experience in performing project risk assessments and information security technical risk assessments
• Proficient in information security risk and governance frameworks (ISO 27005, EBIOS)
• Strong analytical and reporting skills
• Expert in Microsoft Office (Word, Excel, PowerPoint, Access)
• Effective communication and stakeholder influence skills
• Attention to detail and ability to create clear, engaging presentations
• Industry certifications (CISSP, CISM, CRISC, GIAC, or equivalent)
• Experience articulating IS risks in business language and advising on risk management
• Experience in security management reporting and methodologies
• Experience in multinational companies (preferred)

AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. We provide re/insurance for mid-sized companies, multinationals, and individuals, reinventing insurance through innovation, data insights, technology, and talented teams in an agile, inclusive workspace. We partner with those who move the world forward.