Cloud Security Engineer

Key Responsibilities:

1. Cloud Security Operations:
   • Act as the local Cloud Broker reference for security operations across public cloud platforms.
   • Review and ensure security measures for platform upgrades, changes, and compliance requirements.
   • Implement continuous security assurance for cloud platforms, including the development and control of security plans.
   • Ensure Security by Design is integrated into cloud services, particularly through CI/CD and Infrastructure as Code.
   • Work closely with Cloud product teams to consolidate and report on cloud security posture.
   • Coordinate with different teams to ensure the remediation of security issues, particularly related to vulnerabilities and non-compliance with the standards.
2. Local Governance and Security Processes:
   • Define, review, and update CB Security mandates, governance, and operational models to align with internal security and risk teams.
   • Develop and manage a security service catalog, offering security activities as services to other teams.
   • Lead and manage security change management processes, working across technical and business teams to ensure smooth security changes.
   • Organize and report on security projects, collaborating with cross-functional teams to secure cloud enablement initiatives.
3. Security Mandatory Compliance and Audits:
   • Participate in the evaluation and validation of security controls and their implementations, addressing any non-compliance or security risks.
   • Support the remediation of security issues found in internal audits and provide assistance for security recertification processes.
4. Cross-Market Security Projects:
   • Provide security expertise for cloud service enablement and facilitate security forums for information-sharing and reporting.
   • Oversee security incident management, acting as a Single Point of Contact (SPOC) for security issues and incidents across markets.
5. FinOps and Security Posture:
   • Manage FinOps initiatives related to cloud security cost optimizations, and ensure security posture evolves alongside financial operations and cloud advisories.
   • Work with various teams to align security considerations with cost management and operational efficiency.
6. Security Incident Management:
   • Manage and provide expertise in addressing cross-market security incidents, ensuring a swift and effective response.

Technical & Functional Skills:

• Educational Background: A Bachelor's degree in Computer Science, Engineering, or a related field. An MSc in Information Security is a plus.
• Professional Experience:
  • At least 4+ years of experience in operational security for public cloud platforms (preferably Azure and AWS).
  • Expertise in Cloud Security Frameworks, Regulatory Compliance, and Security Services.
  • In-depth understanding of Secure by Design principles, SecOps, and DevSecOps methodologies.
  • Familiarity with change management and Secure Development Lifecycle (SDLC).
• Knowledge of Cloud Platforms:
  • Strong knowledge of Azure Architecture or AWS Architecture (or both).
  • Hands-on experience implementing security controls for cloud environments, ensuring they align with security best practices.
• Security Incident Management:
  • Experience in Security Incident Management, including the ability to assess, report, and remediate security issues.
• Interpersonal & Organizational Skills:
  • Strong interpersonal and communication skills, particularly for dealing with diverse teams across different cultures and geographies.
  • Ability to work effectively in a matrix organization, coordinating across multiple departments.
  • Organized, with the ability to prioritize workload, meet deadlines, and manage time effectively.
  • Strong analytical skills with the ability to analyze complex security issues and apply analytical rigor to problem-solving.
• Facilitation & Negotiation:
  • Strong skills in facilitation, negotiation, and conflict resolution to handle complex security and operational challenges across teams.

Languages:

• English: Mandatory (must be fluent).
• French: Optional, but may be helpful depending on the geographical location and team requirements.

Ideal Candidate Profile:

The ideal candidate for this role will be someone with:

• Strong cloud security experience (particularly in Azure and AWS).
• A deep understanding of security frameworks and cloud governance.
• Experience in Security by Design, implementing security within the development pipeline, and working with cloud security services.
• Proficient in incident management, ensuring a proactive and effective response to security threats.
• Strong collaborative mindset, capable of working across multiple teams and aligning business objectives with security best practices.
• Analytical thinking to manage and mitigate risks across complex cloud environments.