Security Officer

ResponsibilitiesServing as the primary contact for the operational activities related to Cyber Defense within the Entities/OpCo’s.Deliver day-to-day security operations management and reporting as the 1st line of defense (execution). That includes managing related cybersecurity request, incident, change request and resolution management for services in scope.Oversee and drive the processes in various domain: infrastructure security operations, security incident and crisis management, audit remediations, and vulnerability management.Ensure comprehensive coverage and reporting of all security tool implementations across all in-scope assets.Monitor, report on, and drive compliance with operational SLAs, KPIs, and KRIs for subscribed services, coordinating with relevant stakeholders.Act as the extension of the Cyber Defense Global team, delivering tools and services to entities/opco’s.Serve as the primary security operations contact within Group Operations, collaborating across organizational boundaries (e.g., OpCo’s, Solution Delivery, regional and local CISOs, vendors, etc.).Function as the Security Operations Subject Matter Expert (SME) to detect, respond to, and defend AXA against malicious actors and threats.Oversee security monitoring and the incident lifecycle, including executive and client communications, direct resource management and coordination, and end-to-end process oversight from detection to post-mortem and root-cause analysis (RCA).Ensure and enforce information security relevant controls and process across the AXA entities.Participate as required in global security programs and projects to deliver assigned objectives.Contribute to audit relevant investigations and their management action plans to remediate the discovered risks.Act as a security advocate to promote security policies and culture / mindsetAct as a security advisor to the relevant stakeholders on security mattersParticipate and support local Security Programs and ProjectsContribute to rapid incident response by recommending and prioritizing appropriate responses and by contributing to the lessons learned and post-incident activitiesWe are looking for someone with the following experience and skills:ExperienceDiploma or Bachelor’s degree in Computer Science, IT, Engineering, or related fieldsExperience in IT > 15 yearsExperience in IT Security > 10 yearsProven experience in running Security Operations and project works in the following categories below.In-depth knowledges of infrastructure and application vulnerabilities, architectures and challenges.Information Security and/or Information Technology industry certification like CISSP, CCSP, CISM, CISA, CEH, GCIH, GCIA, OSCP, and etc, is a plusExperience on Cloud Security is a plusTechnical skillsCross-cultural sensitivity and flexibility. Appreciate diversity and inclusiveness.Experience with security operations, risk and service delivery frameworks.Familiar with local and regional regulatory requirements for entitiesKnowledge of information security best practices, architecture, standards and threat landscapeCustomer-centric and strong service delivery skills with escalation management capabilitiesStrong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team playerOrganized with a proven ability to prioritize workload, meet deadlines, and utilize time effectivelyAble to translate technical requirements and communicate at all levelsApply analytical rigor to understand complex business scenariosAbility to function effectively in a matrix structure.Ability to function with minimal supervisionSubject Matter Expert for the following in-scope security services below.Infrastructure Security (Mandatory)Network Security - at least intermediate knowledges for minimum 3 solutionsFirewall review and assessmentIntrusion Prevention System (IPS)DDoS protectionSecure Web Access (Proxy)Web Application Firewall (WAF)End-Point Security - at least intermediate knowledges for minimum 2 solutionsMalware Protection (Anti-Virus, Anti-Malware)Data Security - basic knowledgesEncryptionSecurity Incident Management (Mandatory)SIEM - basic knowledgesSecurity Incident Handling/Response - intermediate knowledgesApplication Security & Vulnerability Management #J-18808-Ljbffr