Vulnerability Management Lead Expert

The second pillar provides fast and accurate capabilities to respond to zero-day vulnerabilities or critical threat events. You and your team will use all ROC platform capabilities to detect the threat and execute new scans and reports to Crisis Management and SOC teams, including indicators on which assets should be prioritized for remediation. The third pillar is to prioritize the ever-growing backlog of vulnerabilities for IT and Security teams. Using advanced integrations with AXA tools (ITAM, cyber threat intelligence, ticketing tools), you will actively contribute to reducing the Mean Time to Remediation (MTTR) below the speed of hackers. In this landscape, we are looking for a key expert that will support the ROC Platform technical topics that will be used by ROC processes.

Main missions As Cyberdefense Product Owner and Expert will

• Develop and refine the platform strategy, evolution, deployments in collaboration with the Product Manager and other Product owners, stakeholders, and end-users to ensure alignent with AXA's security priorities.
• Own and manage the platform product backlog, prioritizing features, improvements, and technical debt based on business value, risk, and compliance requirements.
• Engage with stakeholders across security, IT, compliance, and business units to gather requirements, feedback, and ensure their needs are reflected in the product backlog.
• Lead Agile ceremonies (daily standup, sprint planning, reviews, retrospectives) to facilitate team understanding of priorities and deliverables with the support for the SCRUM master
• Define clear acceptance criteria for deliverables and validate outputs against business needs, compliance standards, and security requirements.
• Support the Product Manager by translating strategic goals into actionable backlog items and ensuring their timely delivery.
• Promote transparency by providing regular updates on progress, risks, and dependencies to all relevant stakeholders.
• Foster team collaboration and motivate a team of technical SMEs to deliver high-quality outputs, removing blockers and facilitating continuous improvement.
• Enhance product understanding within the team and stakeholders to ensure technical and security considerations are incorporated into prioritization decisions.
• Measure and analyze product performance using KPIs, trends, and feedback to inform ongoing improvements.
• Advocate for the product internally and externally, promoting its value and outlining future roadmap initiatives.

Team structure: The team is led by a Product Manager, two Product Owners, and 4-5 FTEs for LOA (Run) activities, with about 3-6 people involved in strategic projects. We are looking for a team member that will support Cyberdefense Product manager as Product owner role and technical expert. Our target is to stay at the "state of art" of security while helping the team to be more agile and to build Risk Operation Center (ROC) product that will enable the next level of AXA Risk-based vulnerability management., As part of your mission, you and your product team will have to produce and to present key deliverables at the highest level of quality, such as:

• Delivery of the 1-18 months roadmap backlog
• Reports (Quality of Services, Capacity planning, …)
• Documentation of standards and procedures
• Reporting to AXA management
• Scripting and automation to improve daily activities and team productivity
• Improvement plans (automation, tools, incident action plan)
• Any deliveries related to project and program (Deployment, Migration, LLD, HLD, Risk assessment, Service update…)

Do you have experience in SoC?, * Proven experience in cybersecurity, especially vulnerability management and security operations.

• Demonstrable experience working as a Product Owner or in a similar Agile role, managing product backlogs and executing roadmaps.
• Ability to understand technical security concepts sufficiently to prioritize features and communicate effectively with technical teams.
• Strong stakeholder engagement and communication skills, with a proven ability to translate business needs into technical priorities.
• Leadership qualities to guide and motivate a team of technical SMEs in a fast-paced environment.
• Strong knowledge of Vulnerability and Exposure management solutions (e.g.Tenable One, Qualys ETM, Hackuity, etc.).
• Understanding of Continuous Threat Exposure Management (CTEM) is required.
• Previous roles related to Security Operation Center (SOC) or Vulnerability Operation Center (VOC) are highly desirable.
• Knowledge of Private and Public Cloud Security with general understanding of Workload Protection, including Servers, Workstation, Containers is required.
• Agile certifications (e.g., PSPO, CSPO) are highly desirable.
• Fluency in English is required; additional language skills are a plus., * Post-graduate degree in IT or a closely-related subject to IS Security.

Certification

• AGILE certifications are highly desirable (Product Owner, or other SCRUM/SAFE certifications): PSPO 1/2, CSPO, Safe Agile Practitioner, Safe POPM
• ISC² CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional) is recommended

Overall work experience in the fields

• Experience in AGILE hands-on experience (required)
• Experience in Team leadership (required)
• Experience in Security > 5 years (strongly recommended)

Language

• Fluency in English is required; additional language skills are a plus.

As ROC Platform Product Owner and expert, you will have to deliver a global product at scale to more than 65 AXA entities and demonstrate the added value of your product to Chief Security Officer, Chief Information Security officer and their operational IT/Security teams (more than 700 end users). You will support the key objectives of AXA OneTrust Security Strategy, and the long-term evolution of your product aligned with strategic and business goals. One key objective is to protect and to ensure AXA business and operational resilience by closing the doors (security vulnerabilities), used by Hackers during their attacks. The number of critical vulnerabilities has been growing by 7 to 15% every years in the past 5 years. In 2025 alone, 32% of exploited vulnerabilities were zero-day or one-day vulnerabilities. The Risk Operation Center must address this critical challenge with 3 pillars. The first pillar is to know what must be protected, known as Attack surface. You will provide capabilities for Attack Exposure Management on a wide IT-landscape including: * More than 30 local and global datacenters * More than 90 000 internal endpoints such servers, databases, network devices, cloud services and employees' workstations. * More than 25 000 externally exposed endpoints (application, network devices, …etc), What we offer We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we're committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued. About the entity AXA is becoming a sustainable tech-led company and at AXA Group Operations we are one of the major catalysts for this transformation. We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution. We are present across 17 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary. At AXA Group Operations, we want to be recognized in three fields of action: * State-of-the-art Data Technology to drive customer experience * State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks * High-Performing Global Team for stronger partnerships with AXA entities About AXA As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working for 105 million customers, we've created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values, and together we're nurturing a culture of respect, for each other, for our customers and the communities around us. Join AXA and you'll feel like you belong, are included and can thrive. You'll be able to shape the way you work and truly grow your potential as you seek out new opportunities, push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.   You must create an Indeed account before continuing to the company website to apply