Operations Security Manager

Location MALAYSIA
Experience level Expérimentés
Job details sector Informatique

Job purpose:

  • Lead, manage and drive effective teamwork, communication, collaboration and commitment to deliver application/infrastructure operations information security processes and policies across Asia
  • Own, manage, improve and delivery Information Security Operation Processes & Controls
  • Manage and develop high-performance Security Operations team in close collaboration with all technical towers and application teams
  • Manage a consolidated view of security issues and remediation plans and report on this
  • Lead and manage remediation activities for major security incidents
  • Ensure Security Compliance and effective processes across application and infrastructure
  • Own, manage and enhance Security Capabilities and tooling which enables operational efficiency for all relevant Information Security areas applicable
  • Act as single point of contact within Service Delivery organization for any operational Information Security related topic, collaborate across organizational boundaries (e.g. Solution Delivery, Regional & local CISO’s, Operating Companies, Vendors, etc.)
  •  Contribute to and act as consultant for Security Programs/Projects
  • Mange Audit Risks and related risk mitigation plan
  • Ensure best in class Security Operations

 

Job Description:

  • Collaborate with Information Security and Regional Operations to scope the security risk management and reporting requirements from Asia IT risk management framework.
  • Collaborate with Regional Information Security and Regional Operations to identity and select tools to collect, analyses and track security risks.
  • Collaborate with Regional Information Security, Solution & Service Delivery to define a security risk assessment plan and schedule.
  • Collaborate with Regional & Local Information Security Specialist, Service Delivery and Solution Delivery Specialists to socialize security risk assessment schedules and requirements with stakeholders, including third party service providers.
  • Conduct security risk assessment using tools to capture and record operational security risks
  • Collaborate with Regional Information Security and engage with Solution Delivery & Service Delivery teams to walkthrough the security vulnerabilities and seek mitigation action plans with timelines for each of security vulnerability in line with the defined SLA
  •  Ensure all committed security vulnerabilities mitigation plans are recorded and captured accurately in the agreed and defined management tools.
  • Ensure a consolidated security vulnerability report is published to all regional and local CISO and wider Asia IT stakeholders.
  • Ensue regular security vulnerability remediation follow-ups are done to capture and report the progress of the remediation plans.
  •  Publish regular monthly status reports on all security vulnerability items and the status of the remediation to regional and local CISO, local CIOs, COOs and other Asia IT stakeholders.
  • Collaborate with Regional Security and escalate to Head of Regional Operations on lack of progress.
  • Collaborate with Group Operational risk team to share all security vulnerabilities that have potential for Group wide impact.
  • Participate as required in security programs and project to deliver local & regional objectives
  • Contribute to Information Security Audits and drive remediation of identified risks in line with management action plans
  • Ensure and enforce Information Security relevant controls and process across the Asian region
  • Manage IT Security Risks and their mitigation plans
  • Embed research & development capabilities within the team to drive improvements across the Cybersecurity treat & risk landscape

Education:

  • Bachelor’s degree in computer science, Engineering, or related field. ✓ An MSc Information Security would be desirable but is not essential

 

Certifications:

  • In depth experience of Security domains, architectures and issues.
  • Information Security and/or Information Technology industry certification like CISSP, CISM, CISA, CEH, GCIH, GCIA, OSCP, etc.

 

Overall work experience in the field

  •  Experience in leading medium to small teams > 2 years
  • Experience in Information Security field > 6 years
  • Experience in security architecture > 3 years
  •  Experienced in developing information security remediation requirements for vulnerabilities
  • Experience in delivering messages to technical teams, CISO, CIO and business audiences
  • Experience in identifying and classifying cyber security treat vectors and the associated risks
  • Sensible to the risks associated with identified security vulnerabilities and their required timing for remediation
  •  Experience in identifying, selecting and implementing appropriate technology to enhance information security incident response, detection and prevention capabilities
  • Experienced with Security Information and Event Management (SIEM) tools like ArcSight, CyberArc, QRadar, Splunk, X-Ray, etc.
  •  Knowledge of IS 27001 and sub sequential ISO definitions and standards applicable to information security
  • Experienced with DLP and relevant data classification frameworks
  •  Experienced in working with project and program teams
  •  Experienced in managing and applying security protocols/policies to various areas of application and infrastructure technologies
  • Programming and scripting skills

Would you like to wake up every day driven and inspired by our mission of acting for human progress by protecting what matters? Here at AXA we strive to be a responsible employer, placing employee engagement at the heart of its business strategy. Achieving this means creating a workplace built on AXA's Values that foster diversity and equal opportunities for all, promotes employee participation, encourages professional development, and supports employee well-being.

We are looking for talented individuals who come from varied backgrounds, think differently and want to be part of this exciting transformation by challenging the status quo so we can push AXA - a leading global brand and one of the most innovative companies in our industry - onto even greater things.

In a fast-evolving world and with a presence in 57 countries, our 160,000 employees anticipate change to offer services and solutions tailored to the current and future needs of our 108 million customers.


AXA is becoming a sustainable tech-led company and at AXA Group Operations we are one of the major catalysts for this transformation. 

We set the tone by triggering and empowering the evolution of our insurance business model through technology and innovation, driving its concrete implementation globally at speed, with a high quality of advisory and execution.

We are present across 17 countries with committed, highly qualified teams. We leverage technology, data, sourcing, security and investment allocation in a global way, but also achieve economies of scale and synergies when necessary.

At AXA Group Operations, we want to be recognized in three fields of action:

  • State-of-the-art Data Technology to drive customer experience
  • State-of-the-art Procurement & Sourcing to drive efficiency and better manage risks
  • High-Performing Global Team for stronger partnerships with AXA entities 

We bring together the expertise, cultural diversity and creativity of over 8,000 employees worldwide and we’re committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.