Manager, Information Security

Job Description

Responsibilities:

The role works with other security managers in the team and reports to the Chief Security Officer. The Security team is responsible for the organization’s information security, cyber resilience, and operational resilience. The candidate should possess proven experience in information security with sound technical knowledge, and exposure on security governance, assurance and/or security risk management.

The candidate are required to comply with group security standards and regulatory requirements, ensure security compliance against legal and regulatory requirements. Maintaining security policies and process documents, implementing Security standards and controls, provide security advise to business and project team to align with the Corporate Security standards and controls, documenting security recommendation and mitigation options in clear, business-intelligible language.

Candidates should have good understanding of international security standards (ISO27001 / NIST), cloud security, secure development / DevSecOps, and exposure to enterprise level security products including but not limited to privileged account management, SIEM, data leakage prevention, vulnerability management.

The candidate should possess strong presentation and communication skills. The role shall communicate with global subject matter experts, experience of working in a multinational organization would be an advantage.

Job Description:

• Provide professional security advisory and recommendations on solutions architecture, business project requirements, and security related enquiry.
• Conduct security architecture reviews to ensure the organization's systems and application are designed and implemented align with Group’s security policy.
• Conduct security risk assessment on technology solutions and/or technical controls to identify potential security threats and vulnerabilities and develop strategies to mitigate risks.
• Ensure security in DevSecOps security, infrastructure and application security, including information security architecture review, go-live approval, vulnerability assessment and penetration testing conducted by approved service penetration test providers.
• Would be an advantage if the candidate has experience on participating or coordinate Red-team/Blue-team, Penetration testing, and Threat intelligence simulation attack.
• Support internal & external security audit/compliance assessments, and devise mitigation measures to address findings effectively
• Security Incident management and support 1st line to ensure timely detection, response, and resolution of security incidents.
• Periodically review and update security policies, operation process, for security control enhancement
• Prepare management reports to Chief Security Officer & Management team.

Qualifications:

• 6+ years of experience in information security, security risk or related area.
• Degree in information security, computer science, information management systems or related field.
• In-depth understanding of cloud security principles and best practices, with experience in securing cloud environments (e.g., Azure, AWS).
• Understanding of DevSecOps and application security, including secure coding practices, vulnerability assessment, and secure deployment methodologies.
• Demonstrated track record in leading and implementing successful information security initiatives programs.
• Ability to apply analytical rigor to understand complex business scenarios. Problem solving skills and ability to work independently. Strong communication skills and Team player.
• Fluent in English (verbal and written).
• Relevant certifications (e.g., CISSP, CISA, OSCP, CEH, ISO 27001 or equivalent, etc.) are a plus 
• Capable candidate with lesser experience would be considered for junior roles.

About AXA Hong Kong and Macau

AXA Hong Kong and Macau is a member of the AXA Group, a leading global insurer with presence in 51 markets and serving 94 million customers worldwide. Our purpose is to act for human progress by protecting what matters.

As one of the most diversified insurers in Hong Kong, we offer integrated solutions across Life, Health and General Insurance. We are the largest General Insurance provider and a major Health and Employee Benefits provider. Our aim is to not only be the insurer to provide comprehensive protection to our customers, but also a holistic partner to the individuals, businesses and community we serve. At the core of our service commitment is continuous product & service innovation and customer experience enrichment, which is achieved through actively listening to our customers’ needs and leveraging and investing in technology and digital transformation.

We embrace our responsibility to be a driving force against climate change and a force for good to create shared value for our community. We are proud to be the first to address the importance of mental health through different products and services and thought leading iconic research. Our overall Sustainability Strategy, with emphasis on climate strategy and biodiversity commitment, is developed based on TCFD recommendations. We are committed to integrating environmental, social and governance factors across our business and strive to contribute to a sustainable future through 3 distinct roles - as an investor, an insurer and an exemplary company.

AXA is an equal opportunity employer. We are committed to promoting Diversity and Inclusion (D&I) by creating a work environment where all employees are treated with dignity, respect, and where individual differences are valued. We welcome and treasure diverse profiles to join our big family, and to build an inclusive culture together which allows everyone to maximise their personal potential.

Our people strategies are designed to enhance employee well-being and professional growth, ultimately empowering them to excel within the company.

Click here to learn more about our Benefits (https://www.axa.com.hk/en/benefits) , Culture (https://www.axa.com.hk/en/culture-and-values), & Career Development (https://www.axa.com.hk/en/career-development).