At IBM, work is more than a job - it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, let’s talk.
The ideal candidate for this role will become an active member of a globally distributed team responsible for building the Sovereign Cloud offering, which is part of IBM's Multi Cloud Platform strategy. This role is focused on working with multiple technology and offering teams to ensure that both corporate and regulatory security & compliance requirements are built into the solution. We are seeking a self-motivated, experienced security & compliance engineer. This role covers security assessment support, the knowledge/development of appropriate security documentation (i.e. System Security Plan (SSP), policies and procedures), data gathering, vulnerability management and ongoing continuous monitoring activities.
- Working experience with NIST Security controls and technologies including vulnerability management capabilities.
- Working experience using tools such as Tenable Nessus/Security Center, WebInspect, Nexpose, etc.
- Participate in recurring ConMon meetings to review, submit required artifacts, assist with annual 3PAO security assessment, and generate or facilitate deviation requests as required
- Flexible, self-motivated and able to work independently in a fast-paced environment
- Collaborate with cross-functional teams to ensure security and compliance requirements are integrated into the development lifecycle.
Expected years of experience: 8+ years
- Create dashboards and metric reports to ensure the Continuous Monitoring program is meeting local compliance obligations
- Excellent communication skills and the proven ability to work effectively with all levels of IT and business management
- Track and oversee the vulnerability remediation efforts in order to advise leadership as required on status, blockers and potential risks
- Experience in filing deviation requests for vulnerabilities on behalf of product teams
- One or more related professional certifications (e.g. CISSP, CISM, CISA, CRISC, etc.)