
MAIN PURPOSE OF JOB: The IT Security Engineer is responsible for developing and implementing comprehensive IT risk strategies aligned with AXA AMS and AXA Group. Key duties include identifying and analyzing technology risks, recommending mitigation measures, and ensuring compliance with legal and regulatory requirements.
KEY ACCOUNTABILITIES:
- Ensure IT Risk Strategy, Risk Appetite and action plans are formulated/implemented to meet AXA Group and NIST IT requirements/expectations which includes formulating frameworks for Technology Risk Management, Cloud Risk Management and Cyber Resiliency.
- Identify and analyze risks and recommend appropriate mitigation options.
- Escalate the need to change practices to mitigate critical risks and ensure legal and regulatory compliance.
- Reviewing business cases and budget submissions to ensure that information security requirements are addressed and adequately resourced.
- Propose continuous improvement processes and activities to ensure quality and relevance of information security practices.
- Defining and implementing performance metrics to evaluate the effectiveness of information security programs.
- Monitor and maintain system confidentiality, integrity and availability and manage information security crisis/incidents.
- Perform control testing to evaluate design and effectiveness, by adhering to Group standards.
- Promote appropriate risk culture, awareness and organizational change for a more sustainable information security practice.
- Oversee the execution of information security projects in collaboration with IT, Security, Risk and Compliance and advise senior management on technology risk & security practices.
- Provide independent views on third party assessments when necessary.
QUALIFICATIONS:
- Possesses strong knowledge in technology and cyber risks and regulatory policies like NIST/ISO 27001.
- Minimum 5-7 years of relevant experience, preferably in the Financial Industry.
- Excellent communication and organizational skills.
- Has holistic multi-domain knowledge like Enterprise architecture, Infrastructure, Cybersecurity, Cloud etc.
- Understands the IT project management lifecycle, to be able to identify project risks beyond technical risks.
- Familiar with emerging technology like Artificial Intelligence, Quantum Computing etc.
- Strong team player with very good interpersonal and relationship building skills.
- Independent, pragmatic and result-orientated with the right attitude and analytical skills.
- Strong understanding of DAST (Dynamic Application Security Testing) processes, including tool setup, scan configuration, triage, and remediation tracking.
- Ability to differentiate between Vulnerability Management (VM) and Penetration Testing (PenTest), including scope, methodology, frequency, and expected deliverables for each.
Job ID: 148348635