An employer is looking for a Cloud Security Assessor in the Toronto area. This individual will be part of the Cloud Security team and will be responsible for reviewing the business cases for cloud assessments for a Hybrid cloud initiative involving AWS where the bank is also moving to Office 365.
While the successful candidate needs experience as an architect in the past, this is not a "build role". They will be purely responsible for helping people within the bank understand their risk tolerance for the cloud implementation as the cloud system needs to mature quickly in order to be secure.
The trick in this role is to help influence suppliers / vendors (approximately 50 involved in this process) to admit where their faults are, and this individual will need to balance upwards of 10 projects at a time.
When obstacles arise they are looking for someone who can mitigate through ambiguity well and have strong problem solving skills.
A typical day could involve attending or hosting status meetings to review progress on delivery against security objectives, reviewing business requirements and solution proposals to propose security requirements, reviewing designs, producing assessment report and discussing findings with leaders from front line to executive or solving other assorted information security challenges.
Conduct business process reviews to understand current state business processes and how underlying applications support and enable these processes.
Collaborate with business partners and stakeholders to identify and define high level and detailed security requirements.
Review technical designs and solution proposals to propose or help identify viable, practical and cost effective solutions to security problems
Demonstrate success in facilitating discussions with functional areas of the organization.
Prepare gap, threat, and impact analysis documentation.
Partner with testing resources to identify testing requirements.
Proactively identify opportunities to utilize current or innovative technical solutions to improve business processes and / or products that provide additional revenue, cost savings or efficiency gains.
The majority of their interactions will be with business analysts, development managers, project managers, business unit team member and other groups in IT and IS and their associated vendor partners as well as other assessment teams involved in risk management across the bank.
10+ years experience working in sole contributor security roles (operational, consulting and / or compliance) - somebody who has been in the security space, in various roles, not someone who is coming out of audit, HM wants someone who has done it.
Not just someone who does compliance assessment, but has done security and has felt the impact of it.
3+ years experience securing SaaS, PaaS, and IaaS solutions
3+ years of experience leveraging and configuring the security features in AWS or Azure : examples : IAM, CloudTrail, VPC, EC2, ELB, CloudFont, etc.
Excellent communication skills both written and verbal
Experience executing information or IT risk assessments using common industry techniques and standards (e.g. CSA’s CCM, NIST standards, etc.)
Experience conducting Cloud Security vendor and supplier assessments to help people understand their risk tolerance for the cloud
Background as a Security Architect specializing in end-to-end builds of cloud solutions such as AWS or Azure
Eager to learn, passionate about cloud security
Insight Global is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.