Cloud Security Services is hiring a
Cloud Infrastructure Security and Controls Manager in Worldwide

Summary

The job description is for an Infrastructure Security and Controls Manager within the Information Security & Risk Management (ISRM) organization. The role involves managing security and internal controls in support of Technology Services (TS), focusing on hybrid cloud and end-user infrastructure. The position is a 6-month project with potential for full-time employment.

Requirements

• 6+ years of Information Security/ IT Risk Management/IT experience with growing technical responsibilities
• Demonstrated proficiency in info security, and cloud computing domains as evidenced by industry certifications, including understanding of traditional and emerging threats with particular emphasis in Information Security controls and technologies to reduce operational and security risk covering AWS, Azure, GCP and/or M365
• Knowledge, understanding, and technical proficiency in cloud technologies/services (Virtual Private/Hybrid Cloud, SaaS, IaaS, PaaS, DBaaS) and the appropriate controls and processes to secure them or reduce risk
• Effectively works with virtual, global teams – including diverse groups of people with multifaceted backgrounds and cultural experiences
• BA/BS in Information Technology/Information Security or minimum university degree equivalent

Responsibilities

• Serves as the Information and Security Risk Management (ISRM) expert in supporting internal TS teams, projects and internal control audits focusing on client’s hybrid cloud and end user infrastructure
• Provides expertise in security and internal controls to ensure that technology solutions meet requirements and standards
• Assists in the creation of the strategy and leads the implementation of the risk management approach for projects and develops processes for effective risk management
• Ensures proper security and controls are built into TS tools, vendors, applications and services by providing technical expertise, evaluation, assessment and consultation
• Proactively assesses the impact of regulatory and other security and internal control changes on TS and IT processes and advises management on the implications of costs, performance issues, risks and business needs
• Leads audit preparation activities, ensures audit readiness, hosts and supports audits (depending on function), and explains risk management tools and methodologies
• Analyses technical business and competitive issues and discerns their implications for risk management
• Supervises contracting resources in the completion of work related to areas project and audit responsibilities previously listed
• Consults on security decisions for the multi (AWS, Azure, GCP) cloud environment as well as end user product and services, ensuring business continuity and protection of data
• Analyzing architectures developed by client TS cloud platform teams
• Input to the security strategy and leading the implementation of the risk management approach for services provided by these platforms
• Ensuring proper security and controls are built into the tools, vendors, platforms, applications, and services by providing technical expertise, evaluation, assessment, and consultation
• Anticipating risks and issues of technical complexity based on understanding of business trends and the goals and objectives of the TS Infrastructure community
• Define assurance to policies by use of Cloud security posture tools and processes
• Participates in enterprise and industry workgroups to craft the strategy for securing cloud environments
• Provides technical expertise to risk management activities for meeting regulatory, security and business requirements
• Evaluates and ensures the resolution of technical security issues, internal control issues, critical incidents and/or crisis resolution management, escalating as necessary
• Shares knowledge of future trends, tools, procedures and systems in security, internal controls and risk management
• Reviews or prepares reports or documents on risk management to be communicated to TS, IT and management in complex situations
• Proactively manages partner expectations at the manager level and above, advising on optimal approaches and resolving conflicts between internal controls, information security requirements, compliance and project/business constraints
• Assists in creation of forums, benchmarking analyses, and processes that result in improvement, information sharing and innovation across enterprise
• Develops networks of internal and external business partners, suppliers, the technical/legal community and consultants
• Develops and maintains business partner relationships with TS IT and Business stakeholders. Accountability for Security and Internal Controls and highly technical TS Infrastructure projects
• Establishes partnerships with Cloud vendor engineers, technical staff and/or security professionals
• Makes hiring recommendations
• Trains employees
• Recommends budget amounts

Preferred Qualifications

• MS and/or advanced degree preferred
• Information Security & Risk Management certifications preferred
• Working knowledge of COBIT and / or ITIL is preferred
• Knowledge of key business processes preferred