Cloud Security Engineering

Job Description

Level 3

Business Information Security & Risk Management (BISRM) Team Profile:
BISRM Team enables the Business and Technology to form a holistic view of identified risk and collaboratively make risk-based while still enabling and ensuring velocity for the business. In addition to advising Technology Senior Managers on their risk posture, the team is also responsible for enabling Technology divisions to proactively embed and align security, governance and compliance through the implementation of solutions based on the firm’s security policies and controls. The team advises on the firm’s Technology Policy & Standards, perform risk assessments and tests of controls, and deliver risk-reporting capabilities. The team handles responses to regulatory, audit, and client inquiries about the Firm’s technology risk, control framework, and fulfil Technology Risk Governance Committee responsibilities.

Position Description:
The Cloud Security Engineer is responsible for designing, implementing, and supporting Company’s Investment Management including but not limited to AWS & Azure environments. They work as a part of the larger Cloud Security and Risk Management organization consisting of Compliance, Governance and Security functions to build effective, secure and scalable solutions.

This is a highly technical role focused on driving integration and convergence efforts across cloud service provider environments. This person will work closely with the Company and legacy stakeholders to align security requirements and reduce risk within our development pipelines.

Requirements:
• Bachelor’s degree in computer science, information assurance, related field or equivalent experience
• 7 years of information security experience with focus on application and infrastructure focus
• Expertise in cloud security regarding infrastructure and application development within AWS and Azure cloud security providers
• Experience in DevOps/CICD pipeline and AWS and Azure cloud security providers
• Experience with compliance requirements and audit engagements (GLBA, SOX, SOC, regulatory agencies, and Internal Audit etc.)
• Ability to effectively communicate business risk as it relates to information security
• Experience managing stakeholders (strong communication & influencing skills)
• Experience of technical leadership (architecture, design, implementing modern development practices, acts with integrity in meeting tight deadlines)
• Knowledge of multiple computing platforms, including Windows, OSX, Linux, Unix, networks and endpoints
• Experience with configuration management, change management, project management methodologies and tools including Cherwell or ServiceNow