9 months ago
- Lead the IT Security Committee, working closely with the Agency, Network and Corporate Chief Information Officers on Information Security strategy, initiatives, and goals.
- Manage & oversee implementation of SDLC policies at Corporate and the agency, facilitating the Security Software Group and DAS Forum, software security initiatives
- Participate in developing the information security training programs for global team
- Develop, maintain, communicate and provide guidance on the firm’s policies and standards such as Internet of Things and secure configuration standards for cloud and on-prem.
- Participate in the development of IT Security strategy; oversee the integration of security and technology
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing management with a realistic overview of risks and threats in the enterprise environment.
- Knowledge of Enterprise and Cloud security solutions and implementations into: Identity & Access Management, Identity Governance, CASB Cloud, Encryption & Key Management
- Knowledge of Security GRC issues related to AWS Cloud.
- Comprehensive expert understanding in many areas of IT and information security, with the ability to describe in business terms the impact of IT and cloud security policies, standards, and architecture, and provide cloud security direction to business and IT personnel.
- Make recommendations for risk mitigations.
- Assess new and emerging cyber threats to the cloud infrastructure.
- Provide technical guidance and leadership for the development of security policy and standards for cloud infrastructure.
- CISSP, Cloud Security certifications such as CCSP, AWS, etc.
- Technical experience with Risk Assessment, Data Protection, Privacy, Cloud Security, SDLC Security, Security Configurations, Vulnerability & Patch Management, Data Loss Prevention.
- Excellent collaborative and interpersonal skills.
- Excellent communication skills with both tech and non-tech professionals
- Demonstrates leadership abilities, must be able to work under pressure;
- Excellent knowledge of security standard, policies, and best practices
- Excellent knowledge of cloud architecture and cloud security principals
- Excellent knowledge of cloud methodologies
- Knowledge of AWS security services
- Proven knowledge of IT infrastructure, systems, and operations such as AWS, or Azure
- Desired – IT Asset Management experience
- Ability to assess risks in line with information security objectives and risk tolerance of the company.
- Project management experience and exceptional organization skills.
- This position requires a BA / BS degree in Computer Information Systems, Computer Science, Information Systems Management,
- 10 years in Information Technology and Information Security
- Knowledge of industry/regulatory requirements and frameworks: ISO27001/2, NIST 800-53, NIST CSF, GDPR