| Employer: | AXA Rosenberg |
| Job Ref No: | 419437554 |
| Job Title: | Chief Information Security Officer |
| Sub Sector: | Risk & Performance / Pension |
| Expertise: | Risk Manager |

The Chief Information Security Officer [CISO] is responsible for AXA Rosenberg’s security posture, both physical and digital. The CISO is the leader for the corporate security function. The CISO will liaise with AXA-IM and AXA Group security organizations to ensure that AXA Rosenberg’s security posture is in alignment with both AXA-IM and AXA Group. The CISO, working with the CTO and Risk Management, will be responsible for all policies concerning information security. The CISO will develop and deliver a comprehensive information security and privacy program for AXA Rosenberg. The scope of this program is companywide and includes information in electronic, print and other formats. The purpose of this program is to ensure information created, acquired or maintained by AXA Rosenberg and its authorized users is used in accordance with its intended purpose, to protect AXA Rosenberg information and its infrastructure from external or internal threats, and to assure that AXA Rosenberg complies with statutory and regulatory requirements regarding information access, security and privacy.

Position Responsibilities:
- Ensures the design and management of security related technical systems are done in accordance with generally accepted security best practices and supports the company’s compliance with regulatory requirements and internal policies, standards and procedures.
- Oversee the dissemination of security policies, standards and procedures to AXA Rosenberg.
- Coordinate the development and delivery of an education and training program on information security and privacy matters for employees and other authorized users.
- Perform reviews of application systems security.
- Troubleshoot, perform forensic research of, and provide incident response to security incidents.
- Analyze security vulnerabilities via periodic scanning and/or other analysis including patch management and exposure remediation.
- Detailed knowledge of multi tiered systems design with host, application and database components.
- Clear understanding of interworking and connectivity between computer systems and security related issues.
- Work with Legal, Compliance and Risk Management to ensure AXA Rosenberg complies with all state and federal information security policies and regulations.
- Work with HR to ensure AXA Rosenberg is in compliance with HIPAA and other privacy requirements.
- Report all breach or security incidents using the AXA-IM (parent company) and/or AXA Group (parent of parent) procedures. Serve as AXA Rosenberg contact point for information security, privacy and copyright infringement incidents.
- Continually assess risks as new information is reported within the security community. Advise and recommend methods for prevention and detection of these risks.
- Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to AXA Rosenberg.
- Keep accurate records and documentation for all security programs, policies and systems.
- Work within the SDLC framework to improve security for our software applications, creating processes where necessary and in agreement with AXA-IM.
- Work with AXA-IM to develop KPIs, KRIs and dashboards for reporting to management of AXA Rosenberg and AXA-IM.
- Work with AXA-IM to create a common and pragmatic security framework for convergence of both companies into one seamless security framework working well for each.
- Other duties as assigned to work within his/her team.
- Off hour support and weekend work may be necessary on occasion.
- Travel to international offices may be required.

Experience: 10 years industry experience in Information Security required

Specific Skills:
- The candidate must be knowledgeable in information security, demonstrated by certificates in CISSP, CISM or other security areas.
- The candidate must be knowledgeable of firewalls, routers and network switches.
- The candidate must have excellent documentation skills.
- The candidate must have experience with anti-virus systems from a management perspective and the ability to deal with virus alerts and incidents.
- The candidate must have knowledge of e-mail scanning techniques.
- The candidate must be conversant with TCP/IP networks and understand the low-level operation of at least the following protocols: DHCP, SMTP, SNMP, HTTP, and FTP.
- The candidate must know the difference between application level protocols and packet level protocols.
- The candidate must be capable of designing firewall rules, and allowing or blocking services across the firewalls.
- The candidate must have knowledge of security concepts and present a “security focused” attitude to systems operations.

Education: BA in Information Security or other IT related field or equivalent experience required

Other Qualities:

Salary & Benefits:

| Region/Country: | Americas |
| City: | Orinda |
| Address: | |
| Post Date: | 02/08/2012 |