Manager, Security Assurance (Cyber Security)

AXA HK Security Team acts as a partner with AXA HK business to keep AXA and our customer data safe and provide operational resilience.

AXA HK Security Team develops and implements the security strategy, in line with Group and local direction and relevant legal and regulatory requirements; and provides governance and oversight for first line security activities.

Information Security Assurance & Governance Team within the AXA HK Security Team supports the AXA HK Chief Security Officer in developing and conducting security testing activities to provide assurance over the effectiveness of security controls in AXA HK and consolidate up-to-date evidence in support of Hong Kong and Macau compliance and regulatory requirements.

The duties of the Manager, Security Assurance include:

• Performing security reviews on business IT applications, network / infrastructure components
• Monitoring various security logs and responding to any abnormal activities
• Leading responses to identified security incidents
• Managing security threat and vulnerabilities remediation and follow up
• Providing security advisory and recommendation on mitigating security risks
• Being capable of discovering in a proactive manner potential security risks within deployed AXA IT solutions
• Preparing Group Security reports on technical controls
• Supporting local implementation of Group Security initiatives

Job Requirements:

• 7+ years of experience in information technology / information security
• Degree in information management system, information security, computer science, business, accounting, engineering or closely related field is strongly preferred
• Security industry certification (e.g., CISA, CISM, CISSP ISO 27001 Lead Auditor or equivalent) strongly preferred
• Cloud certification in Azure strongly preferred
• Problem solving skills and ability to work under pressure
• Ability to work on multiple tasks in parallel
• Strong networking skills and team player
• Good communication skills
• Ability to apply analytical rigour in understanding complex business scenarios
• Ability to respond to audit and assessment requirements
• Understanding of the latest security principles, techniques, and protocols
• Technical experience with network security, monitoring, security incidents response
• Technical knowledge of IT security tools, including firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), anti-virus software, Endpoint Detection and Response (EDR) authentication systems, log management, data loss prevention (DLP), web gateway
• Fluent in English (verbal and written)
• Fluent in Cantonese (verbal) an added advantage
• Candidates with less experience will be considered as Assistant Manager, Security Assurance.