Description
As a dynamic multinational tech company operating in 50 countries, we drive innovation, create projects that shape the future, and greatly enhance quality of life. You will find our solutions in the space industry, supporting scientists in the development of cancer drugs, and implementing innovative technological solutions for industrial clients worldwide. These are just some of the areas in which we operate!
Currently, for the new Seargin project, we are looking for a Cloud Security Governance & DevSecOps Consultant!
Role : Cloud Security Governance & DevSecOps Consultant
FTE : full-time
Contract : B2B (Autonomo)
Sector : construction
Location : Remote from Spain, occasional visit to the office in Madrid
Languages : Excellent English
Recruitment Process : 1 stages
Start : ASAP
Project: 6 months
As we migrate most of our IT systems hosted in on-premise datacenters to a global cloud provider (AWS) and the wide use of SaaS and Paas and Devops for Iaac, it is imperative support a governance structure to ensure we utilize these cloud resources in an efficient, secure and effective manner.
New technologies and ways of working have been introduced with the migration to the cloud, thus the security and IT controls in place to protect the confidentiality, integrity and availability of the information stored in those IT systems must be reviewed and re-designed as necessary. The Cloud Governance aims at reviewing and refreshing the IT controls applicable to all Holcim’s cloud environments, including clear roles and responsibilities for all regions, and streamlining the management of cloud resources globally and needed security controls to ensure all infrastructure is properly protected.
Job Profile:
Under the general direction of Global IT Security, and the technical direction of the Global IT Security Officers, the Cloud Security Governance Consultant will be responsible for reviewing, improving and consolidating all the supporting documentation and materials produced as part of the Cloud Security Workgroup (Council) Security Stream during the last years, in collaboration with the different IT teams involved. The main responsibilities for this role are aligned with the key objectives of the Cloud Governance project:
* Understand our IT and cloud environments, including IT systems criticality and relation to the business (documentation review and interviews with key stakeholders).
* Review and Enhance the Cloud Control Framework including key controls to be implemented in all cloud environments, as well as more advanced controls applicable to critical IT systems (first version already defined).
* Review, update and enhance the current Cloud Governance Standard applicable to all cloud instances used in our company and aligned with the Cloud Control Framework, and socialise it with key stakeholders.
* Propose and Document detailed procedures including guidance to implement each control included in the Cloud Control Framework (all controls must be covered, but one procedure can cover several controls).
* Propose and Enhance the current process to periodically assess and report compliance against the Cloud Control Framework for different IT systems, depending on their criticality.
* Support any other cloud initiatives and needs arising during the project, like the cloud account lifecycle management process.
* Provide expert insight and recommendations regarding our utilization of AWS and GCP features and cloud resources.
Key interfaces, stakeholders and relationships:
* IT Security & Compliance teams: day-to-day activities and escalations.
* Global I&O teams: collaboration to ensure accurate control descriptions.
* Managed Service Provider in charge of IT Operations: collaboration and follow-up on controls implementation status.
Level of education/qualifications required:
* Bachelor’s degree in Information Technology or related discipline.
* 5+ years of experience in IT Security.
* Broad knowledge on cloud IT security and governance, particularly on AWS and optionally GCP.
* Extensive experience in defining and implementing IT security policies and procedures.
* Experience in managing IT security projects, assessments, and audits.
* Desirable to have one or more of the following certifications:
○ AWS Certified Security - Specialty
○ AWS Certified Solutions Architect - Associate level or above
○ CISSP
Requirements :
Technical / functional skills:
* Excellent synthesis and analysis skills.
* Excellent documentation skills and attention to detail.
* Excellent communication and interpersonal skills.
* Knowledge of IT Security standards, particularly:
* ○ NIST Cybersecurity Framework
* ○ Swift Customer Security Controls Framework
* ○ ISO 27000 series on Information Security Management Systems
* CSPM tool management: Wiz
* SIEM basic knowledge : Google Sec Ops
* Proactive, Open-minded, collaborative and effective team player.
* Ability to work in a multicultural and multi-located team.
* Ability to communicate openly and effectively with diverse stakeholders, including external vendors and auditors.
* Ability to work proactively and under pressure, follow up on tasks and push team members for actions.
* Ability to deal with ambiguity.
Linguistic skills:
* Fluency in English, both verbal and written.