Senior Lead - Security Culture Change

at  XL Catlin

INFORMATION SECURITY - SENIOR LEAD – SECURITY CULTURE CHANGE

Ipswich, UK
The Senior Lead - Security Culture Change (SL) is a new role that is required to help deliver security culture change at AXA XL. We have embarked on a multi-year program to elevate security awareness and bring about security culture change to throughout our business. We have developed our program and are now looking for someone that has brought about large-scale culture change to drive this forward to the next stage of evolution. Strong communication skills are a must as the candidate will be supporting colleagues globally and dealing with senior stakeholders.
DISCOVER your opportunity

The SL work under the responsibility of the Head of IS Services and Risk Management and will report to the Security Awareness Program Lead. This is a hands-on role where the PM will be expected to work in a relatively small team of experts. The responsibilities of the role will include the following:

• Develop detailed project plans to deliver the outcomes based on the high-level plans.
• There are 6 initiatives that will commence in 2024:
• Roll out surveys to poll new and existing colleagues’ security awareness proficiency and security culture index score.
• Develop and rollout security awareness challenge to raise money for charity.
• Design and develop targeted awareness training of high-risk areas of the business.
• Implement a security non-compliance tool in the form of a time since last incident clock.
• Implement a network of business and IT colleagues that will act as Security Champions across AXA XL. Establish the governance and drive the initiative forward.
• Develop and deliver microlearning utilizing agile communication technologies.
• Participate in assessment of different business lines security risks to develop training plans and educate colleagues.
• Develop security guidelines crafted in a manner that is accessible to people with varying levels of technical experience.
• Understanding of different methods used to train colleagues, campaigns, phishing, gamification.
• Effective understanding of Phishing, Smishing, Social Engineering and other common methods that are used by cyber-criminals to prey on employees.
• The ability to communicate with senior management and senior security staff.
• The ability to lead one-on-one or smalls group session with colleagues to teach them about security threats and how to follow company security awareness standards.

SHARE your talent

SHARE YOUR TALENT

We’re looking for someone who has these abilities and skills:

• Strong English written and verbal skills mandatory
• Ability to navigate dealing with many different sets of security questions
• A cordial attitude to assisting colleagues and education them about potential threats
• Ability to effectively work with and contribute to a close-knit team while also being a self-starter are critical to success
• Ability to prioritize among competing priorities
• Experience of implementing large scale security culture change.
• Organizational skills and the ability to manage multiple reviews and tasks at the same time are essential
• Research and development skills in all areas of information security is essential. A detailed understanding of CISSP CBK, ISO 27001/2:2013 and associated Global Data Regulations is a plus
• Understanding the security impact and implementation of the triad (Confidentiality, Integrity, and Availability) on company networks and the appropriate risk model to present to business management.
• Ability to communicate with upper management/executive level, lawyers, Information security and non-it colleagues as well as Third party contacts is a must.
• Multiple languages a plus – English plus German, French or Spanish etc.
• Excellent technical writing skills
• Information Security or IT background is helpful along with other related practical experience which should include a working knowledge of some if not all of the following security services and tools:
• CISSP Domains and knowledgebase
• ISO 27000 suite of standards
• Ethical hack/penetration tests
• Firewall technologies
• Cloud security
• Access control
• Encryption in Transit and Rest
• Microsoft Azure, Microsoft Office, Microsoft Information Protection and Microsoft DLP

CORPORATE RESPONSIBILITY

At AXA XL our approach to corporate responsibility (CR) is the same as our approach to business; constantly seeking to provide innovative solutions to the world’s most complex problems. From offering our expertise, products and services to help build more resilient communities, to advancing understanding and response to climate change, our strategy – Our Impact. Our Future. – aligns key issues that are pertinent to our business – climate, water and financial resilience - and contributes to AXA Group’s purpose to “Act for human progress by protecting what matters.”.

• Climate: We’re reducing our carbon footprint, protecting ecosystems and exploring how our business can help build a better world.
• Water: We’re developing water resilience where it is — and will be — needed most.
• Financial resilience: We’re helping create opportunities for the unemployed and underemployed, so they can be better prepared for unexpected changes.
• Hearts in Action: We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as our “Hearts in Action” programs.

For more information, please see the Corporate Responsibility section on our website.

The SL work under the responsibility of the Head of IS Services and Risk Management and will report to the Security Awareness Program Lead. This is a hands-on role where the PM will be expected to work in a relatively small team of experts. The responsibilities of the role will include the following:

• Develop detailed project plans to deliver the outcomes based on the high-level plans.
• There are 6 initiatives that will commence in 2024:
• Roll out surveys to poll new and existing colleagues’ security awareness proficiency and security culture index score.
• Develop and rollout security awareness challenge to raise money for charity.
• Design and develop targeted awareness training of high-risk areas of the business.
• Implement a security non-compliance tool in the form of a time since last incident clock.
• Implement a network of business and IT colleagues that will act as Security Champions across AXA XL. Establish the governance and drive the initiative forward.
• Develop and deliver microlearning utilizing agile communication technologies.
• Participate in assessment of different business lines security risks to develop training plans and educate colleagues.
• Develop security guidelines crafted in a manner that is accessible to people with varying levels of technical experience.
• Understanding of different methods used to train colleagues, campaigns, phishing, gamification.
• Effective understanding of Phishing, Smishing, Social Engineering and other common methods that are used by cyber-criminals to prey on employees.
• The ability to communicate with senior management and senior security staff.
• The ability to lead one-on-one or smalls group session with colleagues to teach them about security threats and how to follow company security awareness standards

At AXA XL our approach to corporate responsibility (CR) is the same as our approach to business; constantly seeking to provide innovative solutions to the world’s most complex problems. From offering our expertise, products and services to help build more resilient communities, to advancing understanding and response to climate change, our strategy – Our Impact. Our Future. – aligns key issues that are pertinent to our business – climate, water and financial resilience - and contributes to AXA Group’s purpose to “Act for human progress by protecting what matters.”.

• Climate: We’re reducing our carbon footprint, protecting ecosystems and exploring how our business can help build a better world.
• Water: We’re developing water resilience where it is — and will be — needed most.
• Financial resilience: We’re helping create opportunities for the unemployed and underemployed, so they can be better prepared for unexpected changes.
• Hearts in Action: We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as our “Hearts in Action” programs