Assistant Manager, Information Security

Responsibilities: Provide security advisory on solution architecture, business requirements, and security-related enquiries, including AI/ML use cases and network designs

Lead security architecture reviews to ensure systems, applications, AI services, and networks align with Group security policy and industry standards

Conduct security risk assessments on technology solutions and technical controls, covering application, infrastructure, AI/ML models and pipelines, and network exposures; define remediation plans and risk treatments

Ensure security in DevSecOps security, infrastructure and application security, including integrate security controls in CI/CD, IaC, containers/Kubernetes, service mesh/mTLS, secrets management, and vulnerability management

Support internal & external security audit/compliance assessments, and devise mitigation measures to address findings effectively Security Incident management and support 1st line to ensure timely detection, response, and resolution of security incidents

Periodically review and update security policies, standards, and operating procedures for control enhancement

Prepare management reports to Chief Security Officer & Management team

Qualifications: 4+ years of professional experience in information security, security risk management, or a related field

Bachelor’s or Master’s in Computer Science, Information Security, Engineering, or related field Strong understanding of cloud security principles and best practices, with hands-on experience securing cloud environments such as Azure and AWS

Knowledge of DevSecOps practices and application security, including secure coding standards, vulnerability assessments, and secure deployment methodologies

Strong threat modeling, secure design, and incident response skills; excellent communication and stakeholder management

Experience participating in or coordinating Red Team/Blue Team exercises, penetration testing, and threat intelligence simulations is a plus

Fluent in English, both verbal and written

Relevant certifications such as CISSP, CISA, OSCP, CEH, ISO 27001, cloud security certifications (AWS/Azure/GCP) or similar are advantageous

About AXA Hong Kong and Macau AXA Hong Kong and Macau is a member of the AXA Group, a leading global insurer with presence in 50 markets and serving 95 million customers worldwide

Our purpose is to act for human progress by protecting what matters

As one of the most diversified insurers in Hong Kong, we offer integrated solutions across Life, Health and General Insurance

We are the largest General Insurance provider and a major Health and Employee Benefits provider

Our aim is to not only be the insurer to provide comprehensive protection to our customers, but also a holistic partner to the individuals, businesses and community we serve

At the core of our service commitment is continuous product & service innovation and customer experience enrichment, which is achieved through actively listening to our customers’ needs and leveraging and investing in technology and digital transformation

We embrace our responsibility to be a driving force against climate change and a force for good to create shared value for our community

We are proud to be the first to address the importance of mental health through different products and services and thought leading iconic research

Our overall Sustainability Strategy, with emphasis on climate strategy and biodiversity commitment, is developed based on TCFD recommendations

We are committed to integrating environmental, social and governance factors across our business and strive to contribute to a sustainable future through 3 distinct roles - as an investor, an insurer and an exemplary company

AXA is an equal opportunity employer

We are committed to promoting Diversity and Inclusion (D&I) by creating a work environment where all employees are treated with dignity, respect, and where individual differences are valued

We welcome and treasure diverse profiles to join our big family, and to build an inclusive culture together which allows everyone to maximise their personal potential

Our people strategies are designed to enhance employee well-being and professional growth, ultimately empowering them to excel within the company

Click here to learn more about our Benefits (https://www.axa.com.hk/en/benefits) , Culture (https://www.axa.com.hk/en/culture-and-values), & Career Development (https://www.axa.com.hk/en/career-development).