This position reports to the Cybersecurity Services Governance team lead. It is pivotal to governance activities over the cloud environment and is responsible for automation/orchestration of administrative tasks and enforcement of governance policies in our multi-cloud environments. The work will focus on assisting the governance Cybersecurity Center of Excellence to build a strong security governance framework, including supporting and enhancing alignment to existing process best practices and standards, and driving a security-first approach to reduce risk for the company, improve accountability, security, and scalability, and increase business agility. The candidate must have experience in information security and have supported or worked with cloud-based systems and applications.
- Will be an active member of an Agile squad focused on building a mature public and private cloud security capability within IT
- Actively monitor security violations and vulnerability reports for cloud applications, perform root-cause and trend analysis, and provide recommendations for security control enhancements
- Implement Cybersecurity Center of Excellence governance objectives in a consistent, repeatable, and automated way across multiple cloud environments with an emphasis on AWS and Azure
- Identify security opportunities and assist in defining the strategies for Identity and Access Management, Key Management, Vulnerability Management, and Data Encryption for cloud solutions
- Contribute to building effective security monitoring, logging, and auditing for cloud environments. Drive maturity of cloud security services by identifying meaningful outcome-based metrics to highlight cloud-related risks
- Work closely with other groups to elevate our posture to cloud services through improved security and standard methodologies
- Provide cloud governance guidance to business owners, applications development and testing teams, and procurement, and other support groups
- Maintains professional and technical process knowledge by keeping abreast of the latest industry-standard methodologies
- Aligns risk and control processes into day-to-day responsibilities to monitor and mitigate risk; raises appropriately
- Minimum of 6 years of related experience
- Bachelor’s degree required. Master’s preferred.
- Experience in Information Security GRC (governance, risk and compliance), especially in domains such as Vulnerability Management/Threat Management, Identity & Access Management, Risk Management, Certificate Management, Application Security Management, Security Information & Event Management (SIEM)
- Working knowledge of the AWS Application Hosting services (EC2, containers, serverless, storage, etc.)
- Must have strong knowledge of Cloud Security/Infrastructure and should have experience governing policies and procedures with regard to cloud governance
- Hands-on expertise with auditing of cloud environments and ability to assist in defining and updating Information Security Policies/Standards as per industry best practices and regulatory requirements.
- Ability to collaborate and drive discussions with senior personnel regarding trade-offs, best practices, project management and risk mitigation.
- Has a deep understanding of risk management principles and standards (ISO 27001/ISMS, PCI, COBIT, NIST) to recommend methods to mitigate risks with standard control mechanisms.
- Expertise in performing periodic control gap assessments or internal/vendor security assessments on systems & technologies
- Experience with cloud security monitoring tools such as Dome9 and ability to define and present security risk metrics/data, desired
- Information Security Certifications (CISSP, CISA, CISM, ISO 27001, COBIT, CRISC, AWS Certified Cloud Practitioner, CCSP) are a plus
- Good to have hands-on experience with any of the GRC tools like MetricStream, Archer, ServiceNow, JIRA