Qualities
- Great analytical and critical thinking skills
- Ability to interact with personnel across all business units, customers, and third parties
- Good written and verbal communication skills – Post-secondary level of English proficiency is preferred
- Passionately driven and eager to carry out task while working independently and on a team
Requirements
Tasks and Responsibilities
- Serves as the technical expert for security solutions within the organizational IT virtualization environments to include private, public, and hybrid workspaces. (Nutanix, VMWare, IBM, Oracle, Azure, AWS, GCP).
- Demonstrate expert knowledge of Microsoft Azure cloud services security features such as Azure Security Center, Windows Defender, Compliance Center, Sentinel, and Microsoft 365 workloads.
- Work closely with the security engineering and IT teams to ensure optimal deployment of sensors and systems are achieved for accomplishing security program objectives on premise and in the cloud.
- Leverage analytic experience to effectively conduct risk assessments across various platforms and infrastructure for reducing risk to organizational assets in virtual environments.
- Enhance workflow and processes for integrating security requirements into IT project management and SDLC processes and programs.
- Manage and collaborate with vendors and contractors on cloud security assessments and audits to ensure regulatory and company policy requirements are satisfied.
- Provide leadership and guidance on cloud solutions to personnel across both operational and strategic levels, as well as third party contractors and vendors.
- Document and diagram organizational cloud computing resources, networks, systems, and applications to enhance asset management and accountability of virtual resources.
- Operate as a member of the enterprise Information Security Organization and also Enterprise Risk Management teams in support of overall protection and assurance of data and technology.
- Communicate cloud concepts to both technical and non-technical audiences across different units within the organization for improving cloud governance.
- Participate in Application Development (AppDev) and DevOps projects and initiatives to implement security controls and procedures into the development lifecycle (DevSecOps, SSDLC, CI/CD, etc.).
- Facilitate management and oversight of other cloud service provider technologies and solutions in the environment, to include security assessments and evaluations (e.g. Amazon AWS, Google Cloud Platform, IBM, and Oracle).
Required
- Bachelor's or master's degree in computer science, information security, information technology, or a related field.
- Min. 3-5 years’ experience working as a cloud solutions architect or similar role leading theHands-on experience with diagraming and documenting public, private, and hybrid cloud networks, systems, applications, and resources.
- Experience with popular information security frameworks, such as International Organization for Standardization (ISO) 27001, National Institute of Standards and Technology (NIST), CSI CSC 20, etc.
- In-depth knowledge and understanding of information security risk management concepts and principles.
- Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand and ability to effectively communicate with both non-technical and technical people
- Strong problem solving with the ability to methodically and objectively analyze and resolve Information Security challenges across multiple business teams.
Preferred
- Experience working in Information Security practices within the Financial Services industries and sectors to include banking, insurance, asset management, lending, and other sectors.
- Working knowledge and comprehension of common Financial Services regulatory bodies and frameworks (FFIEC, SOX, GLBA, PCI-DSS, NYDFS, etc.)
- Recognized industry security certifications and credentials specific to cloud security and risk management (CISSP, CCSP, CISM, CRISC, CISA, GIAC/SANS, Cloud Security Alliance, AWS/Azure, etc.)
- Advanced demonstrated proficiency in deploying Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, and other on-demand cloud computing solutions. (Azure Blueprints, Azure Resource Management, PowerShell/Bash, and other DevOps/Infrastructure-as-Code tools.)
- Strong communication skills across business units while working in remote operations
- Documentation and diagram experience using common SDLC or security tools (Visio, VisualParadigm, Microsoft Project, etc.)
