Responsibilities:

• Conduct security architecture reviews to ensure the organization’s systems and application are designed and implemented align with Group’s security policy.
• Oversight application vulnerability assessment and penetration testing services through a comprehensive process to identify weaknesses and vulnerabilities
• Lead and coordinate the 1^st / 2^nd Line penetration testing campaign, including the development and execution of an annual penetration testing assessment plan
• Manage external penetration testing 3^rd parties (vendors) and associated internal business unit preparation and execution of penetration testing services
• Review and quality assure Remediation Action Plans developed by business teams proposing countermeasures and plans for remediation of identified vulnerabilities
• Ensure security in DevSecOps and ensure compliance on regulatory security requirements activities, for example GL20
• Maintain an inventory of security documents for assurance or audit purposes
• Maintain and update the Group Penetration Testing Reporting Tracker with all relevant compliance evidence documentation
• Collaborate with Cyber Defence team to notify observed / open vulnerabilities to IT or application owners for remediation
• Communicate critical issues and status updates in a timely manner to stakeholders
• Prepare management reports to the Chief Security Officer & Management team

Qualifications:

• Minimum 4 years of experience in information security related role
• 1+ years of auditing / compliance related experience
• Knowledge of penetration testing and vulnerability testing services
• Ability to apply analytical rigor in understanding complex business scenarios
• Understanding of the latest security principles, techniques, and protocols include but not limited to Artificial Intelligence, DevSecOps
• Problem solving skills and ability to work under pressure
• Ability to provide a consistently output of superior quality
• Strong networking skills and team player
• Excellent communication skills
• Degree in information management system, information security, computer science, business, accounting or closely related field preferred, but not mandatory
• Security industry certification (i.e. CISA, CEH, OSCP, CISSP or equivalent) an advantage
• Fluent in English and Cantonese (verbal and written)

About AXA Hong Kong and Macau

AXA Hong Kong and Macau is a member of the AXA Group, a leading global insurer with presence in 51 markets and serving 94 million customers worldwide. Our purpose is to act for human progress by protecting what matters.

As one of the most diversified insurers in Hong Kong, we offer integrated solutions across Life, Health and General Insurance. We are the largest General Insurance provider and a major Health and Employee Benefits provider. Our aim is to not only be the insurer to provide comprehensive protection to our customers, but also a holistic partner to the individuals, businesses and community we serve. At the core of our service commitment is continuous product & service innovation and customer experience enrichment, which is achieved through actively listening to our customers’ needs and leveraging and investing in technology and digital transformation.

We embrace our responsibility to be a driving force against climate change and a force for good to create shared value for our community. We are proud to be the first to address the importance of mental health through different products and services and thought leading iconic research. Our overall Sustainability Strategy, with emphasis on climate strategy and biodiversity commitment, is developed based on TCFD recommendations. We are committed to integrating environmental, social and governance factors across our business and strive to contribute to a sustainable future through 3 distinct roles - as an investor, an insurer and an exemplary company.

AXA is an equal opportunity employer. We are committed to promoting Diversity and Inclusion (D&I) by creating a work environment where all employees are treated with dignity, respect, and where individual differences are valued. We welcome and treasure diverse profiles to join our big family, and to build an inclusive culture together which allows everyone to maximise their personal potential.

Our people strategies are designed to enhance employee well-being and professional growth, ultimately empowering them to excel within the company.

Click here to learn more about our Benefits (https://www.axa.com.hk/en/benefits) , Culture (https://www.axa.com.hk/en/culture-and-values), & Career Development (https://www.axa.com.hk/en/career-development).