GRC Cloud Controls Lead
Posted on Sep 3, 2019 by Request Technology - Robyn Honquest
This role will focus on Cloud security controls governance and compliance GRC Cloud controls. AWS experience certification a plus.
- Work closely with Application Development, Cloud, Governance, and Compliance teams to help formulate and implement a strategy for cloud based security that is tailored to the specific risks facing the organization, including threat modelling and applications security advisement services.
- Develop and maintain a balanced cloud security governance framework based on industry standards.
- Ensure compliance with society, regulatory, and industry standards for cloud based security.
- Continuously evaluate the organization's existing cloud security practices, define and measure security-related activities, and demonstrating improvements to the cloud programs within the organization.
- Evaluate business strategies, requirements, and user needs, existing usage cloud platforms, technical capabilities, and overall cloud application maturity, and provides strategic guidance and best-practices based recommendations for implementing governance boards and proven best practices for cloud based application/platform development, deployment, and support.
- Support lead security consultants in promoting and consulting on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions.
- Help facilitate review of changes in company processes, standards and technology to ensure the effectiveness of security controls to meet compliance requirements.
- Help consult with stakeholders on requirements for new and existing business/technology solutions to assure compliance to compliance frameworks and internal standards and governing policies and procedures.
- Responsible for building effective working relationships, making sound decisions, successfully making changes, initiating action and achieving results as a trusted advisor.
- 5+ years' experience in secure application/platform development and security
- 3+ years' project management, consulting, and/or application security analyst experience
- Relevant postsecondary education and/or industry standard certifications preferred (ie, CompTIA, ISACA, ISC2, SANS Institute/GIAC, EMC, Amazon, VMware), AWS Certified Solutions Architect, CompTIA Cloud+ Certification, CISSP, Certificate of Cloud Security Knowledge (CCSK)
- Strong understanding of cloud security governance & experience establishing cloud security governance across an organization
- Practical understanding and use of cloud computing and cloud security tools
- Strong self-starter who has ability to operate independently and demonstrates complete ownership over assigned objectives
- Strong understanding of IT security best practices by applying depth and breadth of expertise in multiple related disciplines
- Understanding of Agile/XP/Scrum/Kanban, Test Driven Development built on User Stories and Continuous Integration/Testing/Delivery
- Demonstrated success at leading cross-functional projects leveraging SDLC methodology. Basic knowledge of Security Analysis (manual and leveraging automated scanning tools)
- Excellent oral/written presentation skills with ability to communicate effectively with Senior Executive leadership; proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement and performance
- Strong organizational skills, ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results
- Ability to stay up to date with current cyber security threat landscape to account for changing circumstances when evaluating security risks
- Ability to maintain technical proficiency via self or formal training
- Proficient in MS Office Suite (Word, Excel, PowerPoint, OneNote, Project, Access, Visio) and SharePoint