Third Party Assurance Specialist – Information Security

Third Party Assurance Specialist – Information Security

At AXA XL we solve today’s complex risks to drive tomorrow’s innovation. We see our careers with AXA XL as a chance to unleash our potential globally. Cultivate expertise. Collaborate constantly. Analyze deeper. Dream bigger.

We are looking for an individual who has well-defined skills in technology and communication who will be a proactive contributor to the Third-Party Assurance Team and aid in upholding the AXA XL security policies and global Information security regulations through the execution of Third-Party Information Security Assessments. You will have a vested interest in learning the AXA XL’s Third-Party Assurance Team’s procedures and be a valued member of a global team.

DISCOVERyour opportunity

What will your essential responsibilities include?

Essential responsibilities:

·Ensure that AXA XL Third-Party Assurance standards are met for all Third Parties that are hosting or handling AXA XL data, and/or connecting to the AXA XL network.

·Possess a working knowledge of the sources in which AXA XL standards are derived: AXA XL’s Internal Information Security Policy, The New York State Department of Financial Services Cybersecurity Regulations (NYDFS), and Data Privacy laws (including GDPR).

·Assess each third party based on their individual situations and the risk that the data loss would pose to AXA XL or to AXA XL’s customers, including the type of data involved, the Third Party’s processing activities, the applicable jurisdiction, etc.

·Provide expertise and consultancy covering all aspects of AXA XL’s Information Security infrastructure and policies.

Third Party Assurance Team responsibilities:

·Engagement into the Information Security Review Team’s Third-Party Governance Business Partner Risk Evaluation Platform (BPREP) tool.

·Provide ongoing assistance and education to the Third Party throughout the BPREP process, including but not limited to:

oAttend meetings as needed to aid in the completion of the questionnaire, and address questions and concerns.

oCommunicate with Third Party in a timely proactive manner to meet internal workflow timelines.

·Perform evaluation to the answers and documentation provided by Third Parties to determine regulatory and internal policy compliance of proposed vendor’s network environments.  Documentation may include but is not limited to the following:

oThird party Information Security policies.

oIndependent Control Assessment Report (SSAE18, ISAE3402, Cyber Essentials, etc.).

oThird party penetration test/ethical hack results.

oVulnerability scan results.

oOther control documentation and/or attestations.

·Knowledge of various internal tools and software to ensure the Confidentiality, Integrity and Availability of AXA XL data.  Such tools may include but are not limited to; SAI BPREP application, Cyber Risk Analytics, Data Breach Calculator, TLS Checker

·Autonomy to develop and provide detailed assessments to Third Parties and business stakeholder identifying the potential deficiencies and mitigation steps required to be taken in order to meet the minimum AXA XL Security requirements.

Third Party Assurance Contract Negotiation responsibilities:

·Collaborate with Procurement, Legal, Data Privacy, Business Stakeholder(s), and/or other internal parties to assist in the successful and timely execution of new agreements, renewal agreements and/or amendments to existing agreements.

·Ensure proper AXA XL Security Language is present in relevant agreement.

·Discretion and ability to negotiate the language in accordance to the