Manager, Information Security

AXA Group-company-logo
Manager, Information Security
AXA Group
网络安全
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
工作描述
47 天前
The role work with other security managers in the team and reports to the Chief Security Officer. The Security team is responsible for the organization’s security risk, cyber resilience, and operational resilience. The candidate should possess proven experience in information security with sound technical knowledge, and exposure on security governance, assurance and/or security risk management.

The candidate are required to comply with group security standards and regulatory requirements, maintaining security policies and process documents, support Architect / Development / Testing on the DevSecOps, collaborate with business and project team to align with the corporate Security standards and controls, maintaining the organization's security posture.

Sound understanding of international security standards (ISO27001 / NIST), and exposure to public cloud, privileged account management, SIEM, data leakage prevention, anti-DDoS, WAF, proxy gateway, vulnerability management, Operational and IT resilience.

The candidate should possess strong presentation and communication skills. Provide security advise to business and project team to ensuring alignment with the Corporate Security standards and controls, documenting security recommendation and mitigation options in clear, business-intelligible language. Ensure security compliance against legal and regulatory requirements. Experience of working in a multi-national organization would be beneficial but not a requirement.

Job Description:
• Provide professional security advisory and recommendations on solutions architecture, business project requirements, and security related enquiry.
• Conduct security risk assessment on technology solutions and/or technical controls to identify potential security threats and vulnerabilities and develop strategies to mitigate risks. Maintain security risk register, and communicate identified risks and impacts to stakeholders
• Conduct vendor security assurance review on process/control/ and provide security advisory for continuous improvement
• Ensure security in DevSecOps, collaborate with Architect / Development / Testing on application security assessment and oversee penetration testing conducted by approved service penetration test providers.
• Would be an advantage if the candidate has experience on participating or coordinate Red-team/Blue-team, Penetration testing, and Threat intelligence simulation attack.
• Support internal & external security audit/compliance assessments, and devise mitigation measures to address findings effectively
• Security Incident management and support 1st line to ensure timely detection, response, and resolution of security incidents.
• Periodically review and update security policies, operation process, for security control enhancement
• Prepare management reports to Chief Security Officer & Management team.

Qualifications:
• 5+ years of experience in information security, security risk or related area.
• Degree in information security, computer science, information management systems or related field.
• In-depth understanding of cloud security principles and best practices, with experience in securing cloud environments (e.g., Azure, AWS).
• Solid understanding of DevSecOps and application security, including secure coding practices, vulnerability assessment, and secure deployment methodologies.
• Demonstrated track record in leading and implementing successful information security initiatives programs.
• Ability to apply analytical rigor to understand complex business scenarios. Problem solving skills and ability to work independently. Strong communication skills and Team player.
• Fluent in English (verbal and written).
• Relevant certifications (e.g., CISSP, CISA, OSCP, CEH, ISO 27001, NIST or equivalent, etc.) are a plus
• Capable candidate with lesser experience would be considered for junior roles.
分享到
更多来自 AXA Group
AXA Group-company-logo
咨询与系统集成
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
AXA Group-company-logo
产品/项目经理
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
AXA Group-company-logo
商业管理
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
AXA Group-company-logo
商业管理
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
AXA Group-company-logo
产品/项目经理
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
更多类似工作
Bank of China (Hong Kong) Limited-company-logo
Senior / Technology Risk Manager (Cyber Security Control Division)
Bank of China (Hong Kong) Limited
中西区, 香港
国泰君安国际 Guotai Junan International-company-logo
Information Security Manager/ Senior Manager
国泰君安国际 Guotai Junan International
中西区, 香港
Senior Cyber Security Manager
HSBC
中西区, 香港
Hip Hing Construction Ltd-company-logo
Senior Cyber Security Engineer
Hip Hing Construction Ltd
中西区, 香港
Manager - Security Architecture
DCH Business Innovations
中西区, 香港
Security Specialist - Cybersecurity
hktservice
中西区, 香港