ACTUAL JOB TITLE: Senior Cloud Security Governance Analyst
Why you'll love this job
This position reports to the Cybersecurity Services Governance team lead and is pivotal to governance activities over the cloud environment. It is responsible for the automation/orchestration of administrative tasks and the enforcement of governance policies in our multi-cloud environments. The work will focus on assisting the governance CCoE in building a strong security governance framework, including supporting and enhancing alignment to existing process best practices and standards, and driving a security-first approach to reduce risk for the company, improve accountability, security, and scalability, and increase business agility. The candidate must have experience in information security and have supported or worked with cloud-based systems and applications.
What You'll Do
• Will be an active member of an Agile squad focused on building a mature public and private cloud security capability within IT
• Actively monitor security violations and vulnerability reports for cloud applications, perform root-cause and trend analysis, and provide recommendations for security control enhancements
• Implement CCoE governance objectives in a consistent, repeatable, and automated way across multiple cloud environments with an emphasis on AWS and Azure
• Identify security opportunities and assist in defining the strategies for Identity and Access Management, Key Management, Vulnerability Management, and Data Encryption for cloud solutions
• Contribute to building effective security monitoring, logging, and auditing for client's cloud environments
• Drives maturity of cloud security services by identifying meaningful outcome-based metrics to highlight cloud-related risks
• Work closely with other groups to elevate our posture to cloud services through improved security and standard methodologies
• Provide cloud governance guidance to business owners, application development and testing teams, procurement, and other support groups
• Maintains professional and technical process knowledge by keeping abreast of the latest industry-standard methodologies
• Aligns risk and control processes into day-to-day responsibilities to monitor and mitigate risk; raises appropriately
*Note: Responsibilities of this role are not limited to the details above*
Your talents needed for success
• Experience in Information Security GRC (governance, risk and compliance), especially in domains such as Vulnerability Management/Threat Management, Identity & Access Management, Risk Management, Certificate Management, Application Security Management, Security Information & Event Management (SIEM)
• Working knowledge of the AWS Application Hosting services (EC2, containers, serverless, storage, etc.)
• Must have strong knowledge of Cloud Security/Infrastructure and should have experience governing policies and procedures with regard to cloud governance
• Hands-on expertise with auditing of cloud environments and ability to assist in defining and updating Information Security Policies/Standards as per industry best practices and regulatory requirements
• Ability to collaborate and drive discussions with senior personnel regarding trade-offs, best practices, project management and risk mitigation
• Has a deep understanding of risk management principles and standards (ISO 27001/ISMS, PCI, COBIT, NIST) to recommend methods to mitigate risks with standard control mechanisms
• Expertise in performing periodic control gap assessments or internal/vendor security assessments on systems & technologies
• Experience with cloud security monitoring tools such as Dome9 and ability to define and present security risk metrics/data, desired
• Information Security Certifications (CISSP, CISA, CISM, ISO 27001, COBIT, CRISC, AWS Certified Cloud Practitioner, CCSP) are a plus
• Good to have hands-on experience with any of the GRC tools like MetricStream, Archer, ServiceNow, JIRA
Qualifications
• Minimum of 6 years of related experience
• Bachelor's degree preferred or equivalent experience