Cloud Security Product Owner Contrat : CDI

AXA Group Operations – Centre opérationnel d’excellence du Groupe AXA.

Chez AXA, notre mission est de donner aux gens les moyens de vivre une vie meilleure. Grâce à l'innovation et à l'exécution, nous devons passer du statut de « Payeur » à un partenaire de confiance dans la vie de nos clients. Les objectifs concrets des activités du groupe sont de créer de la valeur pour l’organisation globale AXA, de collaborer avec le groupe Business Innovation pour encourager l’innovation et intégrer la simplicité et l’autonomisation dans notre contribution à la mission et à la stratégie d’AXA.

Présent dans plus de 18 pays, AXA Group Operations est le centre opérationnel d’excellence du Groupe AXA. Opérant dans les domaines de l’IT (Information Technology), Data & Innovation, Sécurité Informatique, Finance, Procurement, Transformation et Outsourcing, nous accompagnons la stratégie du Groupe : Devenir une entreprise innovante « Customer driven & Tech-led ».

AXA Group Operations Maroc

Présente au Maroc depuis 2009, AXA Group Opérations Maroc est une entité d’offshoring. Avec ses 300 collaborateurs et ses différents centres d’expertise opérant dans les domaines de l’informatique, de la Gestion de projet, de la Finance et des Ressources Humaines, AXA GO Maroc soutient Group Operations dans la réalisation de sa mission.

CONTEXT:

Throughout AXA, the security community represents 1000 security professionals, working daily to protect our employees, customers, operations and brand. Our operating model gathers the three security disciplines Information Security, Operational Resilience and Physical Security & Safety. Our security mission is to ensure that AXA is safe, secure and resilient.

AXA Group Security, as part of AXA GO, defines the security strategy, standards and provides assurance to the Group on the security maturity of all entities across AXA. In its role, it also supports our professional family in entities in maintaining their security posture and respond and coordinate responses to crisis.

This is accomplished through four strategic levers:

Safe: It is about our people, have them ready to face security challenges including third parties, health professionals

Secure: Secure the business of today and tomorrow, by increasing security effectiveness on a risk-based approach for all entities.

Resilient: Enhance anticipation, detection and reaction capabilities in case of events & Security by design

Simple: Simplify, converge and automate our services and activities

The Cyberdefense Product and project team is responsible for creating and updating the tactical product roadmap, managing the operations of the security products, in addition to enhancing product capabilities to execute the strategy defined by Group Security and deliver Cyber products to the AXA entities.

The Cyberdefense Product team oversees:

• The management and the evolution of existing class 1 (mandatory) products named Public Cloud Security Tower
• A product is the combination of a Team, supporting information security Processes, operating a technology (compliance scanning tools).

Our missions are to:

• support our business strategy and digital transformation, AXA is setting up a new information security practice to ensure a coordinated response to the increasing threat of cybersecurity in Cloud environment (Public and Private)
• The team performs and scheduling compliance and vulnerability scans on AXA network activity and infrastructure and generating reports to different teams (such as server admins, network administrators in order to mitigate scanned vulnerabilities).

Our goals are to:

• Deliver Security compliance measurement to AXA group
• Improve remediation activities using automation and technology
• Deliver high quality services to AXA group

DESCRIPTION:

As Product owner, you will:

• Develop and adapt products vision and roadmap in collaboration with the product manager and by discussing with customer / end-users
• Manage the product backlog, such as new feature and improvement, its delivery and its quality
• Help evaluate business value and benefits
• Determine whether a product backlog item was satisfactorily delivered
• Contribute to Epic, Feature, User stories definition and progress tracking
• Follow the day-to-day LOA (run) organization, blockers, and prioritization of the team with the support of the Product Manager
• Be a leader for the team and for AXA in term of expertise on the product technology and IS security process, aka Security Compliance management (CIS Benchmark, Cloud Security Compliance)
• Ensure transparency into the upcoming work of the team
• Involve all relevant stakeholders (architecture, entities, security, data privacy etc.) to ensure technical feasibility
• Coordinate internal resources and third parties/vendors for the flawless execution of projects
• Ensure resource availability and allocation and execution (in collaboration with product manager)
• Raise alert and identify solution to ensure on time delivery
• Evangelize within and outside AXA about the solutions you develop and market them accordingly
• Regular reporting of progress, risks, and issues towards the product manager and other stakeholders
• Participate to Product governance and meetup

TEAM STRUCTURE:

The team is led by one Product manager, and 3 people (FTE) for the LOA (run) activity and about 3-4 people part of the team on dedicated strategic project.

We are looking for a team member that will support Cyberdefense Product manager as technical lead and product owner role.

One of our target is to stay at the “state of art” of security while helping the team to be more agile.

Experience:

• Hands-on experience with Security compliance management tools (e.g. Tenable, Qualys, CIS, Azure, AWS, etc.) (required)
• Understanding of Hardening controls based on Security Industry Standards, such as CIS Benchmarks (Windows Server, Redhat Linux, AWS, Azure) (required)
• Work Experience in Private and Public Cloud Security (mandatory)
• Understanding of Workload Protection, including Servers, Workstation, Containers
• Experience using an ITSM tool such as ServiceNow
• Experience with JIRA or Azure DevOps Boards (desired)
• Knowledge of hacking techniques, cyber threats and security trends

Education:

• Post-graduate degree in IT or a closely-related subject to IS Security.

Certification:

• A certification in relation with Cloud Security is highly desired
• ISC² CCSP (Certified Cloud Security Professional)
• Microsoft Azure AZ-900 or AZ-500
• AWS Practionner
• Cloud Security Alliance CCSK (Certificate of Cloud Security Knowledge)

Overall work experience in the fields:

• Experience in Security > 4 years (required)
• Experience in Security product day-to-day management (required)
• Experience in AGILE / SCRUM methodology (required)
• Experience in Team management (recommended)

Skills:

• Work on maturing Security Compliance program services and processes
• Develop and improve KPIs, metrics, and trend analysis for vulnerability management features
• Take part of the implementation and operational best practices while taking ownership of tasks and/or project workstreams
• Analytical thinking, time management and coordination skills

Language:

• Fluent in English is a necessity (including technical Information security English)