Level 3
Business Information Security & Risk Management (BISRM) Team Profile:
BISRM Team enables the Business and Technology to form a holistic view of identified risk and collaboratively make risk-based decisions while still enabling and ensuring velocity for the business. In addition to advising Technology Senior Managers on their risk posture, the team is also responsible for enabling Technology divisions to proactively embed and align security, governance, and compliance through the implementation of solutions based on the firm’s security policies and controls. The team advises on the firm’s Technology Policy & Standards, performs risk assessments and tests of controls, and delivers risk-reporting capabilities. The team handles responses to regulatory, audit, and client inquiries about the Firm’s technology risk, control framework, and fulfills Technology Risk Governance Committee responsibilities.
Position Description:
The Cloud Security Engineer is responsible for designing, implementing, and supporting Company’s Investment Management including but not limited to AWS & Azure environments. They work as a part of the larger Cloud Security and Risk Management organization consisting of Compliance, Governance, and Security functions to build effective, secure, and scalable solutions.
This is a highly technical role focused on driving integration and convergence efforts across cloud service provider environments. This person will work closely with the Company and legacy stakeholders to align security requirements and reduce risk within our development pipelines.
Requirements:
Bachelor’s degree in computer science, information assurance, related field or equivalent experience
7 years of information security experience with a focus on application and infrastructure
Expertise in cloud security regarding infrastructure and application development within AWS and Azure cloud security providers
Experience in DevOps/CICD pipeline and AWS and Azure cloud security providers
Experience with compliance requirements and audit engagements (GLBA, SOX, SOC, regulatory agencies, and Internal Audit etc.)
Ability to effectively communicate business risk as it relates to information security
Experience managing stakeholders (strong communication & influencing skills)
Experience of technical leadership (architecture, design, implementing modern development practices, acts with integrity in meeting tight deadlines)
Knowledge of multiple computing platforms, including Windows, OSX, Linux, Unix, networks, and endpoints
Experience with configuration management, change management, project management methodologies and tools including Cherwell or ServiceNow
#J-18808-Ljbffr