VIE - APAC Information Security Officer

AXA Investment Managers (AXA IM) has been part of the BNP Paribas Group since July 1, 2025, following the completion of its acquisition.

AXA IM is a leading global asset management firm with over 3,000 professionals and 24 offices across 19 countries worldwide. We serve a diverse international client base, including institutional investors, corporations, and individual clients, offering a wide range of investment opportunities across global markets.

Our offerings encompass both alternative assets, such as real estate participations, private debt, alternative credit, infrastructure, private equity, and private market solutions, and traditional assets, including bonds, equities, and multi-asset strategies.

AXA IM manages approximately €879 billion in assets, of which €493 billion are categorized as investments incorporating ESG (Environmental, Social, and Governance) criteria, sustainability, or impact investing. Our goal is to provide our clients with a comprehensive range of products, from traditional investments to ESG-focused strategies, enabling them to align their portfolios with their financial objectives and sustainability priorities. In a rapidly changing world, we adopt a pragmatic approach aimed at delivering long-term value to our clients, employees, and the broader economy.

The Asia Pacific (APAC) Information Security (IS) Officer is supporting the global IS team for topics in AXA Investment Managers sites in APAC.

He/she contributes to local regulation watch, security risk assessments, awareness and incident management in the region and in AXA IM global organisation.

Be the relay between AXA IM APAC sites and AXA IM global organization with timely communication and adequate topics prioritisation by local and global teams.

• Maintain continuous cybersecurity watch (technological, news, laws, regulation, etc.) that might affect AXA IM businesses, operations, IT, and security.
• Assess impacts on AXA IM activities, Information Security Management System and Information and Communication Technologies with relevant teams.
• Contribute to the action plan definition to ensure compliance with those requirements. Follow-up, and report on the implementation progress.
• Ensure AXA IM IS management system and documentation is maintained up to date and include APAC necessary controls. Contribute to the drafting of relevant APAC IS policies and procedures documents.

• Be the privileged contact for Information Security related questions in APAC for business departments and report on local security topics to APAC governance bodies and committees.
• Be the privileged contact for APAC questions for members of the Security teams.
• Contribute to the assessment of security risks affecting AXA IM departments and user sites, especially over APAC, to maintain a comprehensive view of security risks affecting AXA IM as an organization.
• Support security team for assessing risks of vendors and 3rd parties in APAC by performing security Due Diligence assessment and reviewing contractual security clause.
• Monitor security risks of critical 3rd parties for AXA IM businesses in APAC.

• Help in the definition of IS trainings adapted to specific business population and top management.
• Deliver the Information Security awareness for APAC staff, such as animating sessions for new joiners’ sessions, for travellers, etc.
• Coordinate with APAC stakeholders and global Security Incident Response Team (SIRT) during a security incident by ensuring adequate prioritisation and stepping in the gap due to the time zone difference.
• Provide operational support to the SIRT with the local APAC knowledge in case of incident.
• Assist the team to allow the proper execution of the incident response process from detection to resolution of the incident, including the monitoring and coordination of remediation actions.

• Work with technical experts to identify security solutions and processes to better manage data classification and data leakage.
• Coordinate, follow and report on the projects progress to grant visibility to the management to ensure progress.
• Conduct second-line controls over control design and effectiveness, supported by evidence collection across applicable security activities.
• Assist control owners with evidence gathering, control testing schedules, remediation tracking and escalating gaps.

• Master's degree‑level education or equivalent
• A recognized information security certification (e.g., ISO 27005, ISO 27001, CISSP) is a plus.

• Experience in Information Security, including an experience in Information Security incident management.
• Experience in a financial service institution or in an asset manager is a plus.

• Knowledge of ISO 27001, management of an Information Security Management System (ISMS), Information Security risk assessment.
• Knowledge in IT security: architecture security, network security, system security, forensic, vulnerability management, etc.
• Good understanding of an Information System, its underlying IT and architecture principles for both Cloud and on‑premises.
• Fluent in both English and French.

• Capacity for restitution to non-technical audiences
• Adaptability to report to various levels of interlocutors
• Teamwork
• Client focus
• Resilient to pressure