IBM Technology Zone operates a global Hybrid Cloud infrastructure inclusive of IBM Cloud, AWS, Azure, Power, Z, VMWare, and KVM. The Security Specialist is to work with the Security & Compliance lead to ensure scalable security architectures across these platforms and compliance commitments are reflected in the corresponding roadmaps. Additionally, compliance risks and audit findings are completed within the planned timeframes, and identified compliance issues are properly risk assessed with an action plan to close. The Security Specialist in our team will participate in some or all of the following:
• Review, document, and iterate on cloud security models to ensure scalable and secure access to our Hybrid Cloud infrastructure.
• Collaborating with infrastructure architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology
• Conducting regularly reviews on compliance progression of systems and hosting internal and third-party audits as required in order to maintain certifications and compliance certificates.
• Working with the Development teams to ensure automation of evidence collection and evidence management is in line with compliance expectations at all times, and when this is not the case, identifies specific actions and owners to meet the expectations.
• Assisting team members in addressing highly complex security issues applicable to enterprise environment.
• Mitigate CISR exceptions pursuant to established CIO policies.
Successful security Compliance leader will possess the following skills or knowledge:
• Ability to leverage and extend existing security reference architecture to include detailed security models for IBM Cloud, AWS, Azure, & VMWare environments.
• Ability to leverage and extend existing security reference architecture to include front-end and back-end components at the application level.
• Experience working with application and cloud SMEs to document security models.
• Experience with public cloud security models, i.e., access policies, resource groups, IAM, LDAP, etc.
• Ability to utilize project management principles to properly scope compliance work efforts by service lines, identify common areas of work, and create a measurable milestone plans across service lines to enable completion of compliance work items on time.
• Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, GDPR, SOC 2, PCI, NIST, ISO, or ITAR.
• Experience in risk assessment processes, service delivery operations, and software development.
• Ability to understand enterprise business computing operations/requirements, and in particular, public cloud and communicate to service lines what is expected in order to consider a work item complete.
• Ability to stand firm on issues yet be flexible and creative when working with stakeholders to find effective solutions.