Purpose of the Role:
The Manager, Cloud Security provides advisory and monitoring services that enable the achievement of the Bank’s information security policy for initiatives as the Bank moves to the cloud. Security objectives include integrity, confidentiality / privacy, availability, continuity, and the delivery of cloud services. The incumbent provides cloud security consulting services to business units and assists in the development and support of sound security strategies, ensuring the reliable implementation of consistent and secure control processes to protect the Bank’s information and data resources.
Key Accountabilities:
- Executes the cloud security programmes, tracking and ensuring that required activities for cloud security are considered, documented, and implemented for each project or initiative, so that regulations, policies, and standards are complied with and the Bank’s assets in cloud deployments are adequately protected.
- Identifies & recommends cloud security control process improvements to enhance security policy compliance.
- Collaborates with peers to ensure the quality and timeliness of cloud environment risk assessments, providing information and ensuring that remediation actions for issues identified are implemented, so that issues are addressed in a timely manner and the environment is secure.
- Ensures that cloud security data provided for the generation of key performance indicators (KPIs) and key risk indicators (KRIs) is accurate, complete, and timely, so that there is quantifiable data with which to assess the effectiveness of the cloud security framework.
- Supports senior management in the identification of vulnerabilities and associated remediation actions, in collaboration with technology teams, to ensure they are mitigated or risk-accepted in accordance with Bank policies.
- Implements sound tactical security plans as assigned by the senior manager, including consistent and secure control processes to protect the Bank’s infrastructure and data deployed in the cloud.
Critical Knowledge & Skills Required:
- 3+ years of direct practical experience with cloud security.
- At least 2 years’ experience with regulatory compliance and information security management frameworks, e.g., ISO 27000, PCI, National Institute of Science and Technology (NIST), etc.
- Practical experience with cloud security and the Cloud Controls Matrix.
- Knowledge of two or more of the following: Google Cloud Platform, Azure, Amazon Web Services, Cloud Foundry, or other cloud technologies would be an asset.
- Good and current knowledge of information security risk management, including processes, tools, techniques, and practices for assuring adherence to standards associated with accessing, altering, and protecting organizational data.
- Excellent and current understanding of IT security best practices.
- Demonstrated ability to stay abreast of securing evolving technology such as cloud and mobile computing.
Experience Required:
- Undergraduate or postgraduate degree in Computer Science, Information Security, or a related field and one or more of the following or related professional certifications:
  - Certified Cloud Security Professional (CCSP)
  - Certificate of Cloud Security Knowledge (CCSK)
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Systems Auditor (CISA)
  - Certified Information Systems Security Professional (CISSP)
JOB SNAPSHOT:
Category: Information Security Mgmt
Function: Enterprise Security & Fraud Management
Position reports to: Senior Manager, Cloud Security