Overview

This position reports to the Cybersecurity Services Governance team lead and is pivotal to governance activities over the cloud environment. It is responsible for the automation and orchestration of administrative tasks and for the enforcement of governance policies in our multi-cloud environments. The work will focus on assisting the governance Cybersecurity Center of Excellence in building a strong security governance framework, including supporting and enhancing alignment to existing process best practices and standards, and driving a security-first approach to reduce risk for the company, improve accountability, security, and scalability, and increase business agility. The candidate must have experience in information security and have supported or worked with cloud-based systems and applications.

Responsibilities

  • Be an active member of an Agile squad focused on building a mature public and private cloud security capability within IT
  • Actively monitor security violations and vulnerability reports for cloud applications, perform root-cause and trend analysis, and provide recommendations for security control enhancements
  • Implement Cybersecurity Center of Excellence governance objectives in a consistent, repeatable, and automated way across multiple cloud environments with an emphasis on AWS and Azure
  • Identify security opportunities and assist in defining the strategies for Identity and Access Management, Key Management, Vulnerability Management, and Data Encryption for cloud solutions
  • Contribute to building effective security monitoring, logging, and auditing for cloud environments. Drive maturity of cloud security services by identifying meaningful outcome-based metrics to highlight cloud-related risks
  • Work closely with other groups to elevate our cloud services posture through improved security and standard methodologies
  • Provide cloud governance guidance to business owners, application development and testing teams, procurement, and other support groups
  • Maintain professional and technical process knowledge by keeping abreast of the latest industry-standard methodologies
  • Align risk and control processes with day-to-day responsibilities to monitor and mitigate risk; raise issues appropriately

Qualifications

  • Minimum of 6 years of related experience
  • Bachelor’s degree required. Master’s preferred.
  • Experience in Information Security GRC (governance, risk and compliance), especially in domains such as Vulnerability Management/Threat Management, Identity & Access Management, Risk Management, Certificate Management, Application Security Management, Security Information & Event Management (SIEM)
  • Working knowledge of the AWS Application Hosting services (EC2, containers, serverless, storage, etc.)
  • Must have strong knowledge of cloud security and infrastructure and should have experience governing policies and procedures with regard to cloud governance
  • Hands-on expertise in auditing cloud environments and the ability to assist in defining and updating Information Security Policies/Standards as per industry best practices and regulatory requirements.
  • Ability to collaborate and drive discussions with senior personnel regarding trade-offs, best practices, project management and risk mitigation.
  • Deep understanding of risk management principles and standards (ISO 27001/ISMS, PCI, COBIT, NIST) to recommend methods to mitigate risks with standard control mechanisms.
  • Expertise in performing periodic control gap assessments or internal/vendor security assessments on systems and technologies
  • Experience with cloud security monitoring tools such as Dome9 and the ability to define and present security risk metrics/data is desired
  • Information Security Certifications (CISSP, CISA, CISM, ISO 27001, COBIT, CRISC, AWS Certified Cloud Practitioner, CCSP) are a plus
  • Hands-on experience with any of the GRC tools such as MetricStream, Archer, ServiceNow, or JIRA is good to have