Job ID: 9857

Entity: AXA Group Operations

About AXA

As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working for 105 million customers, we’ve created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values, and together we’re nurturing a culture of respect, for each other, for our customers and the communities around us. Join AXA and you’ll feel like you belong, are included and can thrive. You’ll be able to shape the way you work and truly grow your potential as you seek out new opportunities, push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.

About the entity

AXA is becoming a sustainable tech-led company and at AXA Group Operations we are one of the major catalysts for this transformation. 

We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution.

We are present across 17 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary.

At AXA Group Operations, we want to be recognized in three fields of action:

• State-of-the-art Data Technology to drive customer experience
• State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks
• High-Performing Global Team for stronger partnerships with AXA entities

Job position pitch

About the job

Main missions

Your responsibilities include:

• Provide guidance and perform day-to-day security operations management and reporting as 1st line of defense (execution). That includes managing related Request, Incident, Change and Problem tickets for services in scope.
• Oversee and drive the following processes: infrastructure security operations, application security, audit remediations, security incident and crisis management
• Drive coverage and reporting of all security scanning tools to all relevant assets in scope.
• Monitor, report and drive on compliance to operational service SLA, KPI, KRI with entities for services subscribed to.
• Be the extended team of CyberDefense Global team in delivering tools and services to Asia entities.
• Be the point of contact within Service Delivery organization for security operations related activities, collaborate across organizational boundaries (e.g. Solution Delivery, Regional & local CISO’s, vendors, etc.)
• Be the Subject Matter Expert on security operations matters to detect, respond and defend AXA against malicious attacks and threat actors.
• Oversee Security Monitoring and Security Incident process, this includes Executive and Client communications, direct resource management and coordination and process oversight from detection to post-mortem / RCA.
• Ensure and enforce Information Security relevant controls and process across the AXA entities
• Participate as required in global security programs and projects to deliver assigned objectives
• Contribute to Audit relevant investigations and their management action plans to remediate the discovered risks.

Other responsibilities:

• Act as a security advocate to promote security policies and culture / mindset.
• Act as a security advisor to the business on security matters.
• Participate and support local Security Programs and Projects.
• Contribute to rapid incident response by recommending and prioritizing appropriate responses and by contributing to the lessons learned and post-incident activities.

Expected skills & experience

We are looking for someone with the following experience and skills:

Education

• Diploma or bachelor’s degree in computer science, engineering, or related fields

Experience

• Minimum 5 years of experience in IT  
• Minimum 5 years of experience in IT Security
• Proven experience in running Security Operations and project works in at least one of the categories below.

- Infrastructure Security

- Application Security

- Project Security Governance

- Audit finding and remediation works.

• In-depth experience of infrastructure and application security domains, architectures and issues.
• Information Security and/or Information Technology industry certification like CISSP, CCSP, CISM, CISA, CEH, GCIH, GCIA, OSCP, and etc, is a plus
• Experience on Cloud Security is a plus

Technical skills

Subject Matter Expert knowledge on at least 4-5 topics below;

(a) Infrastructure Security (Mandatory)

• Network Security (basic/intermediate knowledges – 2/3 products)

- Firewall and IP routing

- Intrusion Prevention System (IPS)

- DDoS protection

- Secure Web Access (Proxy)

- Secure email gateway

- Web Application Firewall (WAF)

• End-Point Security

- Malware Protection (Anti-Virus, Anti-Malware)

- End-Point Detection & Response (EDR)

- Data Leakage Prevention (DLP)

• Data Security

- Encryption

• SIEM

(b) Application Security (Bonus)

• Architecture review
• SDLC
• SAST & DAST

(c) Cloud Security (Bonus)

• PaaS and IaaS Security
• Data Security
• Cloud compliance
• DevSecOps

Soft skills / transversal skills

• Cross-cultural sensitivity and flexibility. Appreciate diversity and inclusiveness. 
• Experience with security operations, risk and service delivery frameworks.
• Familiar with local and regional regulatory requirements for Asia entities; HKMA, MAS, MY RMIT, TH BOT, ID FSA, DORA, etc.
• Knowledge of information security best practices, architecture, standards and threat landscape
• Customer-centric and strong service delivery skills with escalation management capabilities
• Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team player
• Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively
• Able to translate technical requirements and communicate at all levels
• Apply analytical rigor to understand complex business scenarios
• Ability to function effectively in a matrix structure.
• Ability to function with minimal supervision

What we offer

We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we’re committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.