The Security Architect role focuses on continuous monitoring and strengthening of the Cloud security processes, aiming to ensure compliance with internal and external profiles and audits.
Responsibilities:
- Providing security and compliance subject matter expertise on cloud applications and platforms.
- Reviewing new cloud service offerings and partner technologies for potential information security risk as part of IBM’s change management and architecture review processes.
- Ensuring compliance of solutions against applicable standards, and in accordance with IBM’s security, compliance, and privacy policies.
- Staying informed on emerging cloud technologies and evaluating vendor offerings to determine best fit for IBM’s business needs.
- Drafting technical documents for systems, architectures and processes.
- Collecting and validating security controls from IBM and external regulatory profiles.
- Identifying risks, threats, vulnerabilities and potential anomalous event flows.
- Defining security processes for assurance, management and compliance.
- Designing, integrating and deploying processes and architectures for end-to-end security, including Networks, Storage, Server Infrastructure, Management Applications and Systems.
- Staying current with industry regulations and standards, ensuring the organization’s adherence to relevant compliance frameworks including ISO 27K, SOC1, SOC2, HIPAA, HITRUST, PCI DSS, and IBM Cloud Financial Services.
Required Technical and Professional Expertise
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Minimum of 7 years of experience in a Security and Compliance relevant role or similar.
- Proven experience in security engineering and compliance roles.
- In-depth knowledge of security frameworks (ISO 27001, NIST, etc.) and compliance requirements, with specific experience in SOC1/SOC2, HIPAA, PCI-DSS and FS Cloud.
- Familiarity with industry best practices in areas such as access control, encryption, and identity management.
- Strong understanding of networking protocols, firewall management, and intrusion detection/prevention systems.
- Experience with security tools and technologies.
- Excellent communication and interpersonal skills.
Preferred Technical and Professional Expertise
- Master’s degree in Computer Science, Information Security, or a related field.
- Review the current enterprise cloud architecture to identify weaknesses and opportunities for improvement using cloud solutions.
- Actively participate in the vulnerability management program, including pre-deployment risk and compliance assessments.
- Conduct regular technical risk assessments of systems and infrastructure.
- Oversee and directly participate in the installation, configuration, and management of cloud security technologies.
- Manage cloud security projects as assigned.
- Actively participate in the maintenance and development of the cloud security roadmap.
Certifications (Preferred):
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)