Our client is a global multi-billion dollar market leader who is committed to a major technology transformation that includes a move to be a very nimble, open source development, cloud enabled organization as well as generating additional revenue streams through connected car and advanced software products utilizing advanced predictive analytics.
They also have been investing in their global, enterprise security team which is already more than 150 strong. They are looking to add a key resource to their team to help integrate security into the development of cloud based applications. The Cloud Information Security Governance Consultant will lead activities such as working closely with the product, software, and infrastructure development teams to implement best practices within the cloud based environments and working closely with developers and system architects to diagnose, document, solution, and remediate any deviations from governance standards. This individual will also contribute to the evaluation, recommendations and implementations of cloud security controls in an automated continuous integration/deployment environment.
In addition, this person will have extensive client interactions relating to technical security controls with a wide range of technology-based functions and business groups. Relevant skills include an understanding of business/technology risk, thought leadership in designing and executing cloud / technology controls that mitigate those risks, and ability to keep up-to date with the latest technologies and potential cyber-threats.
A broad range of professional skills along with strong interpersonal skills will be required for problem-solving, collaboration with virtual cross-functional work groups, along with tracking and reporting of critical gaps to closure & final resolution. This resource is expected serve as a trusted advisor that can clearly articulate security policies, standards, and guidelines to both technical and business audiences alike.
Work closely with Application Development, Cloud, Governance, and Compliance teams to help formulate and implement a strategy for cloud based security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.
Develop and maintain a balanced cloud security governance framework based on industry standards
Ensure compliance with society, regulatory, and industry standards for cloud based security.
Continuously evaluate the organization’s existing cloud security practices, define and measure security-related activities, and demonstrating improvements to the cloud programs within the organization.
Evaluate business strategies, requirements, and user needs, existing usage cloud platforms, technical capabilities, and overall cloud application maturity, and provides strategic guidance and best-practices based recommendations for implementing governance boards and proven best practices for cloud based application/platform development, deployment, and support.
Support lead security consultants in promoting and consulting on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions.
Help facilitate review of changes in company processes, standards and technology to ensure the effectiveness of security controls to meet compliance requirements
Help consult with stakeholders on requirements for new and existing business / technology solutions to assure compliance to compliance frameworks and internal standards and governing policies and procedures
Responsible for building effective working relationships, making sound decisions, successfully making changes, initiating action and achieving results as a trusted advisor
Required Skills and Experience:
Minimum 5 years of experience in secure application/platform development and security
Minimum 3 years of project management, consulting, and/or application security analyst experience
Relevant postsecondary education and/or industry standard certifications preferred (i.e., CompTIA, Microsoft, EC-Council, ISACA, ISC2, SANS Institute/GIAC, EMC, Amazon, VMware), AWS Certified Solutions Architect, CompTIA Cloud+ Certification, CISSP, Certificate of Cloud Security Knowledge (CCSK)
A strong understanding of cloud security governance
Practical understanding and use of cloud computing and cloud security tools
Experience with establishing cloud security governance across an organization
Thorough knowledge of common application vulnerabilities (e.g. OWASP Top 10), attack techniques and remediation tactics/strategies
A demonstrable passion for application security, general understanding of SDLC processes and key security checkpoints along with software development methodologies
Understanding and Passion for Agile/XP/Scrum/Kanban, Test Driven Development built on User Stories and Continuous Integration/Testing/Delivery
Demonstrated success at leading cross-functional projects leveraging SDLC methodology. Basic knowledge of Security Analysis (manual and leveraging automated scanning tools). Familiarity with both static analysis and/or dynamic scanning tools.
Effective written, verbal communication skills – Ability to tailor communication style to audience at hand and write “high quality” documentation and/or presentations is a must
Ability to stay up to date with the current cybersecurity threat landscape to account for changing circumstances when evaluating security risks
Ability to develop/enhance partnerships with key stakeholders
Ability to maintain technical proficiency via self or formal training