Manager, Information Security

AXA Group
Cybersecurity
Central and Western, Hong Kong
7 days ago
Full Time
Onsite
Technology, Information and Media
Job Description
36 days ago
The role works with other security managers in the team and reports to the Chief Security Officer. The Security team is responsible for the organization’s security risk, cyber resilience, and operational resilience. The candidate should possess proven experience in information security with sound technical knowledge, and exposure to security governance, assurance and/or security risk management.

The candidate is required to comply with group security standards and regulatory requirements, maintain security policies and process documents, support Architect / Development / Testing on DevSecOps, and collaborate with business and project teams to align with the corporate security standards and controls, maintaining the organization's security posture.

The candidate should have a sound understanding of international security standards (ISO 27001 / NIST), and exposure to public cloud, privileged account management, SIEM, data leakage prevention, anti-DDoS, WAF, proxy gateway, vulnerability management, and operational and IT resilience.

The candidate should possess strong presentation and communication skills. Provide security advice to business and project teams to ensure alignment with the corporate security standards and controls, documenting security recommendations and mitigation options in clear, business-intelligible language. Ensure security compliance against legal and regulatory requirements. Experience of working in a multi-national organization would be beneficial but is not a requirement.

Job Description:
• Provide professional security advisory and recommendations on solutions architecture, business project requirements, and security-related enquiries.
• Conduct security risk assessments on technology solutions and/or technical controls to identify potential security threats and vulnerabilities, and develop strategies to mitigate risks. Maintain the security risk register, and communicate identified risks and impacts to stakeholders.
• Conduct vendor security assurance reviews on processes/controls and provide security advisory for continuous improvement.
• Ensure security in DevSecOps, collaborate with Architect / Development / Testing on application security assessment, and oversee penetration testing conducted by approved penetration test service providers.
• Experience participating in or coordinating red-team/blue-team exercises, penetration testing, and threat intelligence simulation attacks would be an advantage.
• Support internal and external security audit/compliance assessments, and devise mitigation measures to address findings effectively.
• Manage security incidents and support the 1st line to ensure timely detection, response, and resolution of security incidents.
• Periodically review and update security policies and operational processes for security control enhancement.
• Prepare management reports for the Chief Security Officer and management team.

Qualifications:
• 5+ years of experience in information security, security risk or related area.
• Degree in information security, computer science, information management systems or related field.
• In-depth understanding of cloud security principles and best practices, with experience in securing cloud environments (e.g., Azure, AWS).
• Solid understanding of DevSecOps and application security, including secure coding practices, vulnerability assessment, and secure deployment methodologies.
• Demonstrated track record in leading and implementing successful information security initiatives and programs.
• Ability to apply analytical rigor to understand complex business scenarios. Problem-solving skills and ability to work independently. Strong communication skills and a team player.
• Fluent in English (verbal and written).
• Relevant certifications (e.g., CISSP, CISA, OSCP, CEH, ISO 27001, NIST or equivalent) are a plus.
• Capable candidates with less experience would be considered for junior roles.