Senior Cloud Cybersecurity Technical Expert
The Senior Cloud Cybersecurity Technical Expert is responsible for developing, executing and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats through risk-based consultation, advice, and direction for controls, designs, and investments for the entire financial institution. The ideal Senior Cloud Cybersecurity Technical Expert will have previous experience leading the execution and enhancements of a financial institution’s or Bank's cyber security risk assessment and management program.
- Leading and overseeing Cyber Cloud security testing and assessments that assess the security posture of information system boundaries
- Lead cyber security assessments program development, execution and maintenance
- Lead cyber Risk management activities are executed appropriately and in accordance with the Bank's three lines of defense framework
- Conducting technical assessments on SaaS, IaaS, and PaaS solutions.
- Utilizing secure software development life cycle (SSDLC), microservices architecture, application containerization, and DevSecOps
- Security testing utilizing the following tools & methods: SAST, IAST, and RASP.
- Performing cloud and security risk assessments using FedRAMP for the Cloud.
- Working with results generated from vulnerability assessments, penetration tests, threat modeling, and secure code reviews.
- Advising and training IT teams on emerging Cloud vulnerabilities and mitigation tactics.
- Articulating complex technology risks or control deficiencies to technical and non-technical business representatives, and translating them into business risks as well as recommending security solutions and remediation.
Required Experience, Technical Skills, & Education:
- 3+ of previous hands on experience leading years an information security team with overall
- 7+ years of previous experience working in IT Security
- Previous experience in conducting technical assessments on SaaS, IaaS, and PaaS solutions.
- Previous experience and strong working knowledge of secure software development life cycle (SSDLC), micro services architecture, application containerization, DevSecOps
- Previous experience with the various security testing tools & methods including SAST, IAST, and RASP.
- Previous experience and strong knowledge of the information security landscape, Cloud security solutions, and current and emerging security threats.
- Experience in performing security risk assessments using FedRAMP for the Cloud.
- Strong understanding of industry standard information security control frameworks, particularly with respect to Cloud assessments.
- Experience working with results generated from vulnerability assessments, penetration tests, threat modeling, and secure code reviews
- Experience in the area of risk and controls across various IT platforms especially Cloud infrastructure and applications.
- Ability to understand, and clearly articulate complex technology risks or control deficiencies to technical and non-technical business representatives, and translate into business risks.
- Be able to recommend security solutions and remediation.
- Strong knowledge of information security landscape, security solutions, and current and emerging security threats.
- Exceptional analytical, critical thinking and decision making skills.
- Ability to manage, prioritize, and complete multiple projects and tasks simultaneously within defined time frames.
- Must be organized, self-motivated, and able to work independently with minimal supervision.
- Highly Preferred relevant industry security certifications (AWS, CISSP, CISA, CRISC, SANS)