Consulting, Information Technology, Software Engineer
Cloud Security Lead
Company is seeking a Cloud Security Lead or Architect to join our team.
The Cloud Security Lead is an integral part of the team responsible for crafting and delivering creative cloud security solutions for our clients. Your duties will include the development of Enterprise Cloud strategies, designing, building and automating secure cloud-based applications, as well as ensuring security requirements are met in on-premise and public cloud (GCP, Azure, AWS, etc.) infrastructure. You will work with our clients' leadership and various engineering teams to identify, assess and implement the most optimal solutions for our clients.
The ideal candidate will have a broad technical background, a solid understanding of applicable technologies, and a natural curiosity for producing effective solutions. This person is patient, has excellent time-management skills, and practices an effective communication style, especially with senior executive stakeholders.
Design, build, and lead a team that ensures the security of enterprise data and systems by specifying requirements for technical security controls for all enterprise information technology development initiatives.
Develop a capability to design, implement, and continuously update a technical security control requirements model supporting enterprise information security policies and standards, enterprise technology strategy, enterprise technology architecture and patterns, information security industry best practices, emerging information security technologies, and relevant laws and regulations (e.g. HiTrust, HIPAA, Sarbanes-Oxley, NIST SP 800-53 rev 5, GLB, and others.)
Develop a capability to evaluate the architecture and design of existing and proposed information technology systems against the enterprise technical security control requirements model. Enable the organization to identify any gaps between specific technical security requirements and the architecture of a given system and provide detailed technical recommendations on appropriate design or architecture improvements.
Develop a capability to assist the organizations responsible for the architecture, design, implementation, and deployment of technical security controls by providing virtual team resources and knowledge sharing to enterprise information technology development initiatives.
Develop a capability to verify that the requirements for technical security controls were addressed correctly and that all recommendations were implemented effectively (this includes collecting necessary information, verifying the accuracy of the information, testing the solution, and building an assurance argument).
Serve as a cyber security subject matter expert, assessing the business impact of cyber security risks to the enterprise and identifying options and recommendations for mitigating those risks.
Identify security control requirements for technology initiatives and deliver effective and practical solutions to meet those requirements in alignment with the overall objectives of the project and the business.
Work with Enterprise Architects and other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support business objectives.
Serve as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices.
Exercise thought leadership in the creation and maintenance of security architectures/design patterns.
Develop technical designs for a project to meet information security requirements based on approved security architectures/design patterns.
Resource planning and engagement management.
Service development and improvement.
Communicate and interact effectively and professionally with co-workers, management, internal and external customers and partners.
Communicate cyber security risks and solutions to various technical and non-technical audiences and levels of management.
Maintain communication with management regarding development within areas of assigned responsibilities and perform special projects as required or requested.
Develop strong working relationships with and offer continuous assistance and thought leadership to other leaders in the information technology organization.
Continuously track and report the status of all capability development and service delivery efforts through boardroom-quality visual communication deliverables.
Comply with and enforce HiTrust, HIPAA, Diversity Principles, Corporate Integrity, NIST 800-53, FedRAMP and other Compliance Program policies plus other applicable corporate and departmental policies.
A thorough understanding of the organization's technology and IT systems.
Planning, researching, and designing security architectures.
Developing, reviewing, and approving the installation requirements for LANs, WANs, VPNs, routers, firewalls, and related network devices.
Researching and designing public key infrastructures, certification authorities, and digital signatures, and ensuring all personnel have IT access limited to their need and role in the organization.
Developing project timelines for system upgrades and preparing cost estimates.
Testing the final security system and updating and upgrading it as needed.
Establishing disaster recovery procedures and conducting security breach drills.
Responding quickly and effectively to all security incidents and providing post-event analyses.
Monitoring and guiding the security team, cultivating a sense of security awareness, and arranging for continuous education.
Remaining up to date with the latest security systems, standards, authentication protocols, and products.
5-10+ years' experience in information security and IT risk management.
A strong working knowledge of current IT risks, security implementations, and computer operating and software programs.
Experience with various native cloud technologies
Advanced IT security certifications may be advantageous.
Ability to handle sensitive and confidential information appropriately
Willingness to work in Agile and iterative development methodologies
Knowledge of standards in IT architecture and infrastructure
Able to be responsible for the creation and implementation of the solution
Inquisitive and resourceful, not afraid to network within the organizations to ask relevant questions