Under the supervision of the Head of Enterprise, Operational and Information risks, and in close collaboration with the Security team, you will act independently with your experience and technical skills.
The "Information Risk Manager" function plays a central role in the DORA (Digital Operational Resilience Act) regulation. It is responsible for ICT (Information and Communication Technology) risk identification and assessment procedures, the development of control measures and their monitoring to ensure the company's operational digital resilience. A solid, comprehensive and well-documented ICT risk management framework enables ICT risks to be addressed quickly, effectively and comprehensively.
Your main responsibilities as Information Risk Manager will be:
- Implementation, monitoring and continuous improvement of the ICT risk management framework (ICT RM Framework) in compliance with DORA regulations and covering various aspects (Vendor risk, IT and Security).
- Coordination of the annual review of the ICT risk management framework (ICT RM Framework review report).
- Monitoring compliance with DORA regulation, particularly through coordination of the quarterly "DORA steerco" committee and monitoring the evolution of ICT risk regulation (Assuralia working groups).
- Responsibility for the ICT risk management function (in coordination with the "Operational risk" team), concerning procedures for identification, monitoring, assessment, mitigation and capital quantification of ICT risks (using the internal model).
- Quarterly production of ICT risk monitoring reporting (IRM KRI dashboard) and Information Risk Appetite.
- Regular communication of the current state of ICT risks to the management body and management of communication around ICT risks with regulatory authorities (NBB).
- Promotion of risk culture within AXA and ICT risk awareness, for example by proposing training programs.
- Providing local advice (second opinions) on strategic IT initiatives (including modernization, Artificial Intelligence, etc.), information security and data management, including the entity's strategic plan and projects under the strategic program committee, and transmitting a copy to Group IRM.
- Support for other cross-functional department tasks (Security correspondent, Data Steward, etc.)
Your profile
Besides being an expert in risk management, the 2nd line Information Risk Manager must understand most aspects of information and technology, provide second opinions on information security and technology issues, and be able to provide expert advice on information and security risks in various operational contexts. Therefore, he/she must understand and have experience with the organization of an insurance company. As a 2nd line Information Risk Manager, you have:
- A bachelor's or master's degree in a field related to information technology (computer science, engineering, etc.)
- A master's or MBA in a business-related field (Management, Business Studies, Commercial Engineering, etc.)
- At least 5 years of experience in information security and business continuity
- Key knowledge: specialized knowledge of, or certification in, COBIT 5 for Risk, ISO 27001, ISO 27002 and ISO 27005;
- An asset: a certification in security and continuity (CGEIT, CRISC, CISM, CISA, etc.);
- Leadership skills and ability to act as an authority on risk management, information security and information technology aspects;
You have the ability to take leadership and possess a strong personality to work independently with multiple stakeholders.
Soft skills
- You are an excellent communicator;
- You are able to communicate complex ideas and concepts to people without technical knowledge;
- You are capable of assuming a central and cross-functional role;
- You are a driving force on complex subjects and you are able to coach the 1st line risk management;
- You have an excellent professional level in Dutch or French, and English is a must.
AXA aims to be a reflection of the diverse society in which we live and has therefore been pursuing a policy of active diversity, non-discrimination, and equal opportunities for many years. In this context, we guarantee equal treatment and access to recruitment, regardless of age, origin, cultural background, disability, gender, sexual orientation, or other characteristics.
AXA Belgium
We are more than 3000 employees, partnering with 3200 brokers, located in our modern offices in Brussels, Antwerp, Eupen, and Liège. We are serving 3 million customers, and we are proud to be the number 1 car insurer. It is our ambition to not only be a payer but rather a real partner for our customers.
Our four core values drive us every day to give our best for our customers while collaborating effectively with our colleagues: Customer First, Integrity, Courage, and One AXA.
What we offer
A nice reward for your work
The benefits of working at an insurance company
A job that respects your personal life and dreams