Platform Security Architect (EU/IN)
- Remote from Europe/India, EU/IN
We are looking for a Platform Security Architect based in Europe or India to work for one of our clients, a multinational corporation that provides IT services, including digital, technology, consulting and operations services. The person in this role will work with a team based in Espoo, Finland.
The person in this role will be strong in cloud security (preferably GCP) and can work with teams to stand up and secure a cloud environment.
- Serve as a Cybersecurity resource and SME for a Product and Platform centric organization — ensuring that security architecture and governance are integrated with solutions during development while also ensuring that security is designed into actual services from the inception of the project to production and client delivery
- Day-to-day work with client delivery teams and ensure that delivery teams adhere to our client’s corporate information security architecture, policies, procedures, baselines and guidelines. This is role requires a mix of technical capabilities as well as the know-how to provide security governance over complex applications and projects while also having the ability to articulate complex security concepts to business personnel and non-security personnel
- Build security into the design of solutions and platforms used to support the organization. Serve as a security architect to work with enterprise, network, and solution architects to build secure solutions.
- Engage with resources across governance, compliance, and technical architects during the lifecycle of a project, supporting the sales cycle, to interacting with prospective clients and client teams to usher in, and provide security assurance, guidance, and advisory
- Interface with Digital business leaders, client architecture teams, corporate architecture and governance personnel
- Ability to translate technical risk issues and distill such issues to common IT business leaders and upper management
- Work with program managers to develop project plans, estimation documents, specifications, diagrams, and flowcharts
- Solid understanding as to how to mitigate risks with common controls such as WAF’S, IDPS’s, MPS’s, AWL, etc.
- Implement common principles and practices across cloud platforms and provide compliance with industry-specific guidelines such as the Security Trust and Assurance Registry from the Cloud Security Alliance
- Advanced Level of English
- Bachelor’s Degree in Computer Science, Systems Engineering or related fields
- 7 years of security architecture responsibility and progressive information security experience across various information security domains
- 10+ years of IT experience (including hands-on knowledge of network and distributed systems) and a sound understanding of networking concepts
- 3+ years performing risk assessments including experience with Controls Mapping, Audit Protocols, Applications, Databases, Virtual Networks, Servers, Domains, SaaS, Cloud, Encryption, Firewalls, DLP, IAM Solutions, and security testing
- Ability to understand and have in-depth technical knowledge of security technologies and cloud-native technologies including edge network controls, host-based controls, IDS/IPS, proxies, WAF, logging and monitoring, configuration management, and auto-remediation technologies
- Experience with native cloud solutions and public cloud environments (AWS/Azure/GCP) in alignment with NIST and HIPAA compliance
- Strong experience in public cloud solutions, services and practices including PaaS, IaaS, and SaaS products and services
- Understanding of network design principles and knowledge of virtualized environments and implementation of security controls in a virtual infrastructure
- Understanding of current information security and IT risk management solutions market and vendor spaces across broad security domains
- Strong communication and presentation skills. Ability to present complex compliance issues in an easy to understand manner for executive management
- Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources
- Previous client-facing and advisory experience required
- Experience writing security policies, guidelines, and standards
- Excellent written and verbal communication skills including
- Certification in one or more of the following is required: CISSP (Certified Information Systems Security Professional), CCSP (Certified Cloud Security Professional), CEH (Certified Ethical Hacker), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager, or GIAC (Global Information Assurance Certification)
- Master Degree in Computer Science, Security or related fields
- Big4 IT risk management consulting experience
Friday, September 11, 2020