Application Cyber Security Officer

Job Purpose:

The Application Cyber Security Officer is responsible in assisting the IT Operations and Security Head in the effective implementation of Information Security program and mandate to ensure the confidentiality, integrity, and availability of AXA Philippines’ corporate information assets with focus on applications.

Key Accountabilities:

• Enforce Security by Design on all phases of Software Development Life Cycle.

• Monitor and validate progress on the remediation implemented to address outstanding issues/vulnerabilities

• Manages internal and external VAPT engagements conducted by external vendor. Ensures closure of audit finding.

• Review result and methodology from vulnerability scan and penetration test conducted by vendor

• Perform manual or automated tests to validate remediation

• Perform technical and security reviews on assets impacting operations of applications

• Work with internal teams to resolve security findings on applications

• Take the corrective action needed to meet the standards required by security policy, procedures, network architectures and software design

• Promote security awareness program on secure coding and systems development life cycle

• Other tasks or duties that may be assigned in line with the Information Security Program

Key Customers:

• Local Users of AXA applications

• IT Service Delivery Team and Solution Delivery Teams

• Business owners and Product owners

• Vendors

• Auditors

• Regional/Group Security

• Dev team

Working Relationships within Business Unit:

• Work with CSO, CIO, IT Operations and Security Head, IT Security Director and Group Operations Security Leaders to gain a clear understanding on the overall corporate direction with regards to security initiatives and control implementation.

• Work with regional and local IT team heads to ensure they carry out the planned actions and projects to mitigate IT security risks.

• Work with business department heads to ensure that security is taken into consideration and implement the required actions that fall within the business area.

• Work with Regional/Group audit team for Pen test report

• Coordinates with the application developers and owners for remediation

Qualifications:

• University degree in Computer Science or related fields.

• Knowledge of software designs and how to secure them

• Knowledgeable in VAPT tools

• Knowledge in analyzing and securing web and API / application designs

• Experience in application security / assurance testing

• Knowledgeable in Top 10 OWASP

• Ability to audit vulnerabilities and mitigate risks

• Background in managing and protecting systems against threats

Experience:

• A minimum of two-year experience either a combination of the following field of Information Security, Technology Risk, or IT Audit.

• Able to develop a clear understanding of clients and customers’ technology needs.

• Understand the linkage between information technology and business value.

• Conversant and knowledgeable on the latest technology innovations and possibilities, understanding how key technologies can help address security issues.

• Strong ability to prioritize to achieve target dates.

• Possesses excellent verbal and written communication and presentation skills in English.

Optional/Good to Have:

• Knowledgeable in ISO standards 27001/27002 is a plus

• CompTIA PenTest+, CISSP, CISA, CEH, GCIH or GPEN certification would be a plus

• Understand technologies and issues on systems reliability, security, and disaster recovery

Note: Hybrid working schedule will be 3x a week onsite in Makati & 2x a week work from home.