Technology Risk Management (TRM) is responsible for information security policies, processes and practices for the enterprise including the IT Risk Management program, security policy management, threat and vulnerability management, security awareness and education, application security, key control testing, vendor security assessments, security monitoring and event correlation, security risk assessment, security incident response, and security architecture.
Position Title: Cloud Security Architect
Responsible for providing highly advanced technical and analytical skills to the Technology Risk Management (Information Security) Office. Under the supervision of the Director, Enterprise Information Security Architecture, will assist in the collection of requirements and contribute Subject Matter Expertise (SME) advice in the areas of Cloud security design, policies, and control standards. Proactively engages staff throughout to communicate cloud security standards, guidelines and strategies. Works with project teams to ensure technical quality of cloud security focused deliverables and adherence to security standards, governance and controls practices. Considered a security and technical expert in cloud security technology, designs, systems implementation and integration, with deep, specialized knowledge of cloud strategy, including all affiliates systems and applications. Conducts technical research when necessary to contribute to setting cloud security direction and strategy. Assists others on own team, or other teams where applicable, on cloud security projects or security-relevant tasks on technical projects.
Provides Cloud Security SME advice and guidance related to all activities including Information as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) initiatives, projects, plans, and reviews.
Contributes subject matter expertise advice in the areas of Cloud security at both the enterprise and project level with a focus towards cloud security
Works with teams to evolve cloud based products to adherence Information Security Policies and Control Standards
Assists project teams during system design with the drafting of logical architectural and design models with a focus on cloud security
Assists project teams during system design to promote the efficient deployment of IT assets to cloud environments in a secure and policy compliant manner.
Advises project teams during system development to ensure compliance with security policies, guidelines, standards, controls, and governance
Shares cloud security vision with key stakeholders by organizing discussions and formal presentations
Participates in working groups of subject matter experts for definition and review of security standards, guidelines, principles, governance and controls
Actively contributes SME advice to TRM members of the Cloud Hosting Evaluation Council
Actively contributes SME advice to TRM members of the Architecture Steering Committee and appropriate architecture roundtable meetings
Works closely with Chief Information Security Architect to ensure a shared vision across for cloud architecture and security
Provides technical guidance to cross-functional application development teams
Contributes to the technology strategy, vision, requirements, and solutions for enterprise cloud initiatives
Designs, develops, and implements new cloud security technologies as necessary to support business and technology solutions
Consults with application development teams to determine cloud security requirements and for planning and delivering cloud based business solutions
Assists in the development of estimates for cloud security for cloud hosted projects
Contributes to defining time tables and project plans
Assists in the definition of milestones and progress tracking