Cloud Security Lead

Role & responsibilities

1. Possess strong understanding of the concepts, approaches, methods, and techniques used for the implementation and effective management of a cloud security program

2. Support in design, implementation and configuration of the Cloud security systems

3. Lead cloud security assessments and provide recommendations on required configurations for client cloud platforms (such as AWS, Azure, GCP, Alibaba Cloud, Oracle Cloud) and environments based on Cloud Cyber Risk Framework and industry standard frameworks such as PDP, GDPR, ISO, CSA-CSM and NIST

4. Provide support for escalated incidents or critical situations

5. Interface with Engineering and assist with testing or troubleshooting

6. Reproduce issues to verify problems and provide feedback to Engineering and teams

7. Contribute to development and maintenance of Information Security Policies, Standards and Guidelines

8. Identify security gaps or concerns pertaining to new infrastructure or application build out. 9. Troubleshoot problems with cloud infrastructure (e.g., domain name service, virtual network peering, dedicated cloud connectivity services) and resources (e.g., virtual machines, virtual networks, cloud databases) in a multi-cloud vendor environment and lead analysis of technical platform issues, and resolution as part of cyber risk mitigation steps

10. Gather evidence, perform remediation, and work with the IT GRC vertical to support audit efforts.

11. Create and maintain documentation of departmental security procedures pertaining to cloud security

12. Serve as an expert on cloud cyber risk for other business and technology stakeholders.

13. Maintain and build effective, professional relationships with third party vendors and service providers that result in timely delivery of requirements and the highest standards of quality and cost effectiveness

14. Work with internal stakeholders to gather requirements and develop the most effective solutions

15. Keep abreast with latest trends in the field of cloud security

16. Participate in seminars/conferences/forums to keep up-to-date with the industry best practices

Preferred candidate profile

1. Cloud computing experience (AWS, AliCloud, Azure), and in particular, CloudFormation, EC2, EMR, S3, Redshift, RDS, SQS and AutoScaling Groups

2. Experience in patch management and vulnerability scanning

3. Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing such as ISO 27001, Cloud Security Alliance, NIST 800-53, PCI DSS, SOC2 and FedRamp

4. Strong analytical & problem-solving skills with ability to translate ideas into practical implementation

5. Ability to manage stakeholder relationships including team members, vendors and partners 6. Excellent leadership and communication skills with ability to present and communicate effectively with both technical and non-technical audience

7. Ability to provide technical and professional leadership, guidance, and training to others