· Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA
· Applying working knowledge of information security best practices such as the NIST 800 series, ISO 27000 series, GDPR, etc.
· Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner
· Developing, implementing, maintaining, and overseeing enforcement of security policies
· Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology
· Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates
· Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials
· Providing training to teams as needed
· Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment
· Minimum of 12 years of relevant compliance experience and cybersecurity knowledge
· Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must
· Ability to apply working knowledge of information security best practices such as the NIST 800 series, ISO 27000 series, GDPR, etc.
· Experience with compliance programs such as SOC 2, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, or PCI
· Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology
· Ability to understand enterprise business computing operations/requirements, and in particular, Cloud
· Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions
· Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk
· Working in a change-controlled production environment
· Diagnosing the root cause of problems and proposing solutions; examples include failed patches, tooling issues, false positives on system tests, and authentication problems
· Expertise in system configuration, especially privilege control (for example, sudoers configuration) and system-level firewalls (iptables)
· An understanding of basic networking concepts: IPsec tunnels, firewalls, routers, public and private addressing
· Project Management knowledge and experience a strong plus
· Container-based architectures and implementations such as Kubernetes, Docker, etc.
Education qualifications
· Computer Science BSc or equivalent
· Security/privacy-specific training such as ISO 27001 LA, CISA, CISM, CISSP, etc.