Head of Security

We bring together the expertise, cultural diversity and creativity and we're committed to equal opportunities in all aspects of employment (gender, LGBT+, disabled persons, or people of different origins) and to promoting Diversity & Inclusion by creating a work environment where all employees are treated with dignity and respect, and where individual differences are valued.

AXA Asian Markets Services is a dynamic service company within the AXA Group, specializing in providing technology and efficient operations shared services to AXA entities primarily in Asia. Our core focus is centered around delivering exceptional support and shared applications that drive operational excellence and enhance the overall efficiency of our entities.

Headquartered in Hong Kong, AMS has offices in Manila and Kuala Lumpur, our teams of experts operate as a pan-regional community, pooling their knowledge and experience to drive meaningful change. Our goal is to support AXA entities in achieving their business ambitions by providing effective and innovative solutions.  

JOB PURPOSE

• Lead the local implementation of the Security Operating Model, agreed between Group CSO and Local CEO, in line with the Corporate CSO. Act as a key advisor to local entity senior management (CEO, CxO*, CIO, CRO) on security matters, including Information Security, Operational Resilience and Physical Security (e.g. risk management, cybersecurity, security control, monitoring, information privacy, operations, identity access management, security architecture, forensics, physical security and operational resilience)
• Act as a leader at the local entity to drive security in terms of assessment, risk appetite, reporting and promotion in an entity to advise and challenge businesses
• Drive cultural and organizational change throughout the local entity and implement a sustainable security function including the three pillars of Security (Information Security, Operational Resilience and Physical Security)
• Lead, develop and deploy a portfolio of security projects for the local entity
• Support the development of the security shared services and ensure the implementation within the local entity

KEY RESPONSIBILITIES:

• Collaborate with and support Group Security and other stakeholders as necessary to ensure that security (Information Security, Operational Resilience and Physical Security) within the local entity is relevant, cost-effective and is delivered in accordance with the Group Security Strategy
• Serve as an expert advisor to the entity leadership team in the implementation and maintenance of security
• Ensure local compliance with the security standards, instructions and strategic initiatives
• Adapts the global security strategy to the entity (taking into consideration the local regulation and specificities), defines the concrete actions leading to its execution and monitors achievement
• Ensure the achievement of the security targets in the entity, as set by Group Security
• Identify and analyze security risks, recommend appropriate mitigation options and document all components in clear, business-intelligible language
• Maintain an understanding of emerging technology, risks and industry trends.  Assess the impact on the business environment and recommend appropriate mitigation actions or the prioritization of projects and investments
• Escalate the need to redirect investment or change practices to mitigate critical risks and ensure legal, regulatory or commercial compliance
• Implement continuous improvement processes and activities (e.g. good practices, reporting, problem resolution) to ensure quality and relevance of security services
• Monitor and maintain system confidentiality, integrity and availability and manage security incidents (analysis, tracking and communications)
• Undertakes assurance to validate the effectiveness of the local security activities and controls
• Promote a culture of security and raise awareness
• Oversee the execution of security projects
• Ensure development and maintenance of auditable processes to enforce consistency within the local entity
• Identify and implement coordinated responses to security audit and compliance issues
• Develop, track and control the local security budgets (required to invest, build and run security) in agreement with the CXO and the Corporate CSO

As a world-leading insurance company, we act for human progress by protecting what matters. With 153,000 employees in 54 countries working with 105 million customers, we've created a truly dynamic and vibrant community. Inclusion and diversity link closely with our values, and together we're nurturing a culture of

respect, for each other, for our customers and the communities around us. Join AXA and you'll feel like you belong, are included and can thrive. You'll be able to shape the way you work and truly grow your potential as you seek out new opportunities, push boundaries and benefit people in critical moments of their lives. This is your chance to build the tomorrow you want. Know you can.

Education

• A university degree in security and related fields (risks management, audit, international relations, information security…)
• A post-graduate degree in security or general management (such as an MBA) is an advantage but not essential

List of preferred certifications

• Information Security and /or Information Technology industry certification (CISSP-ISSAP, CISM, ISO 27001 Lead Auditor, GIAC or equivalent)
• Business Continuity Industry certification (MBCI, DRII…)
• Physical security / Health and Safety certification (CPP, PSP, BTEC, IOSH…)

Overall work experience in the field

• Experience in security, risks management, audit or related area\: 7 to 10 years
• Leadership/ management experience\: 5 to 7 years
• Previous experience managing a remote/international team preferred
• Previous experience as interim or acting Chief Information Security Officer, Physical Security Officer, Operational Resilience
• Officer, Business Continuity Officer or extensive experience reporting to a CEO, CIO, Chief Audit Officer, Chief Risk Officer or other senior executive in an international organization