Cloud Infrastructure Security and Controls Manager
Cloud Security Services is looking for an Infrastructure Security and Controls Manager within the Information Security & Risk Management (ISRM) organization for our client. The Manager will have responsibilities for security and internal controls in support of Technology Services (TS). This is a 6-month project with the possibility of going full-time for the right candidate.
Responsibilities:
The Manager, Infrastructure Security & Controls will serve as the Information and Security Risk Management (ISRM) expert in supporting internal TS teams, projects and internal control audits focusing on client’s hybrid cloud and end user infrastructure. Serves as the ISRM technical subject matter expert and have direct interaction with TS employees, contractors and vendors. Provides expertise in security and internal controls to ensure that technology solutions meet requirements and standards. Serves as a technical mentor to TS peers as well as junior members of internal staff.
• Provides subject matter expertise to TS infrastructure project teams where IT risk management issues are involved, have potential implications for the business, and/or impact regions or functions, regulatory areas or technology platforms. Assists in the creation of the strategy and leads the implementation of the risk management approach for projects and develops processes for effective risk management.
• Ensures proper security and controls are built into TS tools, vendors, applications and services by providing technical expertise, evaluation, assessment and consultation.
• Proactively assesses the impact of regulatory and other security and internal control changes on TS and IT processes and advises management on the implications of costs, performance issues, risks and business needs
• Leads audit preparation activities, ensures audit readiness, hosts and supports audits (depending on function), and explains risk management tools and methodologies. Facilitates in the delivery of information and response and remediation to audit observations for internal and external audits.
• Analyses technical business and competitive issues and discerns their implications for risk management.
• Supervises contracting resources in the completion of work related to areas project and audit responsibilities previously listed.
Additional duties, including but not limited to:
• Consult on security decisions for the multi (AWS, Azure, GCP) cloud environment as well as end user product and services, ensuring business continuity and protection of data
• Analyzing architectures developed by client TS cloud platform teams
• Input to the security strategy and leading the implementation of the risk management approach for services provided by these platforms.
• Ensuring proper security and controls are built into the tools, vendors, platforms, applications, and services by providing technical expertise, evaluation, assessment, and consultation
• Anticipating risks and issues of technical complexity based on understanding of business trends and the goals and objectives of the TS Infrastructure community
• Define assurance to policies by use of Cloud security posture tools and processes
• Participates in enterprise and industry workgroups to craft the strategy for securing cloud environments
• Provides technical expertise to risk management activities for meeting regulatory, security and business requirements
• Measure assurance to policies by use of Cloud security posture tools and processes
• Evaluates and ensures the resolution of technical security issues, internal control issues, critical incidents and/or crisis resolution management, escalating as necessary
• Proactively assesses the impact of regulatory and other security and internal control changes on IT processes and advises management on the implications of costs, performance issues, risks and business needs
• Shares knowledge of future trends, tools, procedures and systems in security, internal controls and risk management
• Reviews or prepares reports or documents on risk management to be communicated to TS, IT and management in complex situations
• Proactively manages partner expectations at the manager level and above, advising on optimal approaches and resolving conflicts between internal controls, information security requirements, compliance and project/business constraints
• Assists in creation of forums, benchmarking analyses, and processes that result in improvement, information sharing and innovation across enterprise
• Develops networks of internal and external business partners, suppliers, the technical/legal community and consultants
• Develops and maintains business partner relationships with TS IT and Business stakeholders. Accountability for Security and Internal Controls and highly technical TS Infrastructure projects.
• Establishes partnerships with Cloud vendor engineers, technical staff and/or security professionals
• Makes hiring recommendations
• Trains employees
• Recommends budget amounts
Required Skills:
• 6+ years of Information Security/ IT Risk Management/IT experience with growing technical responsibilities
• Demonstrated proficiency in info security, and cloud computing domains as evidenced by industry certifications, including understanding of traditional and emerging threats with particular emphasis in Information Security controls and technologies to reduce operational and security risk covering AWS, Azure, GCP and/or M365
• Knowledge, understanding, and technical proficiency in cloud technologies/services (Virtual Private/Hybrid Cloud, SaaS, IaaS, PaaS, DBaaS) and the appropriate controls and processes to secure them or reduce risk
• Effectively works with virtual, global teams – including diverse groups of people with multifaceted backgrounds and cultural experiences
Preferred Skills:
• MS and/or advanced degree preferred
• Information Security & Risk Management certifications preferred
• Working knowledge of COBIT and / or ITIL is preferred
• Knowledge of key business processes preferred
Required Education:
• BA/BS in Information Technology/Information Security or minimum university degree equivalent
Preferred Education:
• MS and/or advanced degree
• Information Security & Risk Management Certifications; Microsoft Certifications