Establish security requirements for cloud-based solutions by evaluating business strategies and requirements; researching cloud infrastructure security standards, such as ISO 27000 series, NIST CSF, and CSA
Provide domain expertise in public cloud and enterprise technology
Serve as the security lead in the design, implementation and integration phases of cloud based solutions to meet company's requirements and address security risks
Identify and deliver appropriate controls based on industry standards to drive a cloud security solutions framework based on business risk and cloud native threats
Continually evaluate new threats in the cloud, to identify the impact on IT and Business to develop and implement security controls
Provide recommendations for improvement and risk reduction by assessing companycloud security posture; and act as a change agent to secure infrastructure, platforms, applications, and data
Technical competencies
Strong expertise enabling business initiatives sitting on top of AWS, Azure / O365 and Salesforce
Strong expertise leading security architecture and design efforts
Experience Managing Security in a Multi-Account/Multi-Line-of-Business Cloud Environment
Experience with protecting IaC pipelines and environments built with automation
AWS security services, including IAM , Guardduty, KMS, Secrets Management, cert manager , security hub, SSO, config
Experience in multi account AWS environments
Tooling
Native security tools within AWS, Azure / O365 and Salesforce
CASB: McAfee or similar
Data Classification / Protection: Varonis or similar
DLP: McAfee, Forcepoint Websense or similar
Other qualifications
10+ years working on cybersecurity with strong expertise around I&AM, Data Protection and Privacy
5-10 years focused on cloud related initiatives
Certifications
AWS Certified Security Specialty
CISSP, CISA
Soft Qualifications
English and Spanish completely fluent
Experience working on Insurance, Finance or Health industries
Excellent people-management skills
Regulations: Knowledge of GDPR, SOX, CCPA, HIPAA, PCI DSS