Cyber Security Consultant

Introduction
At IBM work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so lets talk.

Your Role and Responsibilities
IBM Technology Zone operates a global Hybrid Cloud infrastructure inclusive of IBM Cloud AWS Azure Power Z VMWare and KVM.

The Security Consultant intern is to work with the Security & Compliance lead to ensure scalable security architectures across these platforms and compliance commitments are reflected in the corresponding roadmaps.

Additionally compliance risks and audit findings are completed within the planned timeframes and identified compliance issues are properly risk assessed with an action plan to close.

Your Principal task would be:

• Review document and iterate on cloud security models to ensure scalable and secure access to our Hybrid Cloud infrastructure.
• Collaborate with infrastructure architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology
• Conduct regularly reviews on compliance progression of systems and hosting internal and third-party audits as required in order to maintain certifications and compliance certificates.
• Work with the Development teams to ensure automation of evidence collection and evidence management is in line with compliance expectations at all times and when this is not the case identifies specific actions and owners to meet the expectations.

Required Technical and Professional Expertise

• Pursuing bachelor’s degree in computer science or information technology (CIS/MIS).
• Experience with DevOps concepts tooling and software development.
• Knowledge of ITSS or ISEC security policies.
• Knowledge of IBM Security Tooling (e.g. AccessHub IBM Inventory MAD Crowdstrike Cognos Reporting)
• Knowledge of Industry Security & Privacy Regulations (e.g. ISO SOC2 HIPAA PCI FFIEC GDPR)

Preferred Technical and Professional Expertise

• Experience working with application and cloud SMEs to document security models.
• Experience with public cloud security models i.e. access policies resource groups IAM LDAP etc.
• Experience with compliance programs such as FFIEC or FedRAMP/ FISMA GDPR SOC 2 PCI NIST ISO or ITAR.
• Experience in risk assessment processes service delivery operations and software development.