Strong knowledge of Azure to help implement security controls
Security and compliance management programs; interactions with and support of clients; risk management and other GRC responsibilities
Experience managing information security functions, including governance, frameworks, processes, tools, scorecards, and dashboards
Key Responsibilities
Develop and implement cloud security architecture that aligns with business objectives and regulatory requirements.
Identify and assess potential security risks and vulnerabilities in cloud infrastructure and develop mitigation strategies.
Provide guidance and support to development teams in the secure design and implementation of cloud applications.
Collaborate with cross-functional teams to integrate security controls and processes into cloud infrastructure and applications.
Develop Terraform or other IaC to maintain cloud security policies, standards, and procedures.
Conduct regular security assessments and audits of cloud infrastructure and applications.
Stay up-to-date with emerging threats, vulnerabilities, and best practices in cloud security.
Knowledge & Experience:
Minimum six years of progressive experience in leading security and compliance management programs; interactions with and support of clients; risk management and other GRC responsibilities within a large IT organization, preferably within a professional services firm or similar.
Demonstrated experience with managing information security functions, including governance, frameworks, processes, tools, scorecards, and dashboards under aggressive deadlines and with competing priorities.
Knowledge of industry regulations and standards (e.g., HIPAA, Meaningful Use, FISMA, PCI) as well as core technology infrastructure (e.g., firewalls, servers, databases, Internet technologies).
Proven experience interacting with regulators, internal auditors, and/or external auditors.
Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, ISO standards, and the Cloud Security Alliance.
Working knowledge of GRC tools.
Certification requirements: CISSP, CISM, CISA, ISO 27001 Auditor, LSS Green Belt, CRISC, CIPP, CGEIT or ITIL