Main Purpose Of Job

The Application Security is responsible in assisting the IT Security Head in the effective implementation of Information Security program and mandate to ensure the confidentiality, integrity, and availability of AXA Philippines’ corporate information assets.

Key Accountabilities

• Bring support on infrastructure related security topics and ensure reliability of local entities feedback by performing security assurance testing
• Enforce application security initiative and implement security in Project Development Life Cycle (which includes Software Development Life Cycle)
• Monitor and validate progress on the remediation implemented to address outstanding issues/vulnerabilities
• Manages internal and external VAPT engagements conducted by external vendor. Ensures closure of audit finding.
• Review result and methodology from vulnerability scan and penetration test conducted by vendor
• Perform manual or automated tests to validate remediation
• Perform technical and security reviews on servers, network devices, and applications
• Work with internal teams to resolve security findings
• Take the corrective action needed to meet the standards required by security policy, procedures, network architectures and software design
• Ensure a seamless remediation response to the needs of business units, IT managers, and local and Group security managers
• Promote security awareness program on secure coding and systems development life cycle
• Review vulnerabilities and threats of applications and software before installation
• Other tasks or duties that may be assigned in line with the Information Security Program
  
  

Key Customers

• Local Users (AXA Life and AXA GI)
• Corporate Security Team
• Business owners and Product owners
• Vendors
• Auditors
• Regional/Group Security
• Dev team
• AXA GO, if applicable
  
  

Working Relationships Within Business Unit

• Work with CSO, CIO, IT Security head and Regional Head of Security to gain a clear understanding on the overall corporate direction with regards to security initiatives and control implementation.
• Work with regional and local IT team heads to ensure they carry out the planned actions and projects to mitigate IT security risks.
• Work with business department heads to ensure that security is taken into consideration and implement the required actions that fall within the business area.
• Work with Regional/Group audit team for Pen test report
• Coordinates with the developers for remediation