Description:
The IAM Cloud Security Controls Specialist will develop and maintain an inventory of cloud control requirements based on threat models, laws, rules and regulations; track operational readiness of process and technical capabilities to implement the required controls; and ensure the control requirements are appropriately codified in Policy, Standards and Procedures.
This role requires deep knowledge of cloud threat models and related security controls. The specialist must be able to understand intent of laws, rules and regulations determine whether existing or proposed operational controls will satisfy the requirements. The specialist must also develop and maintain documentation that accurately describes the current cloud control environment, for review by oversight organizations (Audit, Compliance, Operational Risk, Regulators, etc.)
This role is part of the Cloud Process Integration team, within the Cloud Defense team of Cyber Security Defense organization within Global Information Security (GIS). The Cyber Security Defense team in GIS is a true global operations shop with leading edge tools, processes, and people. They encourages career mobility and this role will provide the opportunity to be part of a team where development and advancement is actively supported.
This role is basically preparing GIS to move to the cloud, developing a good security framework for PaaS, IaaS, and SaaS, what are those security requirements, using the CSA cloud matrix and how to do that here at the bank, good solid understanding of the security requirements from policies and expectations standpoint, multi deployment of controls.
What is expected to be in place? Focus on making sure we are ready for an audit or regulatory review, scrutiny in Q4 and next year around this, have to be ready, in place and good understanding of readiness to move to the cloud. Mock audit of themselves and assess their readiness for those requirements, and map back to regulatory and industry standards. They won't be setting up the controls, another team would set up the control environment, but these individuals will work with those other teams, interacting with an existing team to modify their operational processes.
Have a repository with security requirements documented, building the methodology, whos accountable for each of the security requirements, building the mechanism by which they do that, good bit of work to build this out themselves, build the infrastructure repository, SharePoint, Jira, share info and build a model to record these assessments and engage with control owners, setting up meetings, organizing this, standing up meeting,
Creating a "Permit to Operate" - PTO
Skills:
framework, cloud, risk assessment
Top Skills Details:
framework,cloud,risk assessment
Additional Skills & Qualifications:
4) Experience evaluating threats/risks posed by new technologies spanning network
Strong verbal and written communication skills. Ability to communicate with business leaders, users, and tech-savvy stakeholders.
Strong ability to interact, communicate, and influence vertically and laterally
Ability to take ownership of an initiative/issue through completion.
Ability to work in a collaborative environment.
Strong project management skills.
Ability to own and deliver on complex initiatives in a high paced, evolving environment.
Highly organized and motivated self-starter who can deliver results with moderate direction
Ability to influence and drive collaboration across diverse groups
Certifications: CCSK, CCAK (CSA), CCSP, CISSP, CCFP (ISC2), CISA, CRISC, CISM (ISACA), CCIE (Cisco), TOGAF, CCTA (McAfee),
Knowledge in Identity & Access management, Application security, Risk assessments, Cloud technologies, GRC (Governance, Risk, and Compliance) with emphasis on security processes and controls
Familiarity with financial industry laws, rules and regulations and guidance documents.
Experience within Audit, Operational Risk, Compliance, Regulatory or related oversight organizations.
Experience interacting with examiners and partners within control oversight organizations such as Audit, Compliance, Operational Risk, Regulators, and independent assessment organizations.
Experience in implementation of information security strategy, including compliance with industry best practices and regulatory requirements.
Strong analytical skills/problem solving/conceptual thinking
Ability to work with technical and non-technical business owners
Assist with internal efficiencies projects and development
Experience with Azure Security Center, AWS Cloud Security Hub, or Google Cloud Security
Excels at adapting to changing business needs with ability to balance multiple competing priorities in an extremely dynamic environment
Ability to proactively anticipate problems and execute solutions
Experience Level:
Entry Level
About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.