Industry Cloud Risk and Controls Specialist

Introduction
At IBM work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients. To make markets. To invent. To collaborate. Not just to do something better but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so let’s talk.

Your Role and Responsibilities
The Cloud Risk & Controls Specialist provides support for those looking to take a risk-centric approach to their digital transformation for application modernization to cloud. This role also helps clients and internal IBM partners to understand key security issues risks exposures and helps develop approach to meet business needs. Key areas of responsibility include:
Control Mappings

• Conduct control mapping assessments and produce formal reports showing how the IBM Cloud Framework for Financial Services control requirements compare to key industry and regulatory standards/requirements as well as financial institutions’ (FIs) internal control frameworks
• Assess whether FIs have a scrutable control set managed by a strong enterprise risk management function
• Hold discussions with internal stakeholders and clients on an ‘as needed’ basis to walk them through the results of various mapping assessments
• Employ data analytics tools and related automation e.g. AI to drive controls intake process and initial gap analysis
• Provide organization and thought leadership to ensure that the overall mapping program remains agile rapid and scalable
• Develop program assessment methods to drive efficiencies and evaluate service for ongoing improvement
• Ensure program initiatives continue to align to organizational objectives
• Oversee multiple in-flight assessments ensuring program aims are delivered in a timely manner
• Evaluate and overcome program risks and produce program reports for internal management & other key stakeholders
• Maintain team’s Key Performance Indicators (KPIs) and Service Level Agreements (SLAs)

FS Validations & Risk Assessments

• Partner with IBM Cloud Service/Software IBM Cloud BISO Infrastructure and ISV Ecosystem teams to complete risk evaluations enabling FS Validation approvals for IBM Cloud Services/Software MZRs and ecosystem partners (ISVs)
• As part of risk assessments identify risks threats vulnerabilities potential anomalous flows and interactions considering potential mitigating/compensating factors
• Help support development of internal and client-facing collateral providing insights and transparency into the FS Validation and risk assessment processes

IBM Cloud Framework for Financial Services

• Support effectiveness and continuous enhancement of the FS Controls Framework and associated methodology by identifying/documenting additional requirements based on the outcome of controls mapping efforts that further drives the security and risk architecture
• Coordinate with the IBM Cloud BISO Compliance teams Offering Management and strategic partners in confirming completeness and on-going enhancements of the FS Controls Framework
• Provide subject matter expertise to strengthen controls design and implementation effectiveness

Required Technical and Professional Expertise

• Bachelor’s degree in cybersecurity computer science information systems or related field
• 5+ years of cybersecurity IT risk management IT audit and/or compliance experience particularly within the financial services sector
• Professional certification such as CISA CISSP CISM and CRISC
• Understanding of global financial services regulatory bodies that oversee technology and cybersecurity risk in the industry e.g. FFIEC FCS RBI EBA (DORA) APRA OSFI MAS CMORG ECUC and EUCS
• Prior experience of proof reading/interpreting regulations along with ability to gauge possible associated risks
• Strong proficiency of multiple security IT Compliance and auditing standards including but not limited to NIST Cybersecurity Framework NIST 800-53 COBIT ISO 27001 CRI Profile OWASP ITILv3 and CSA
• Subject matter expertise in IT operations & security control domains such as application security cloud security container security change management disaster recovery data center operations information and network security
• Creativity and judgment to move between multiple projects within the business
• Good communication (verbal and written) and interpersonal skills

Preferred Technical and Professional Expertise

• Master’s degree in cybersecurity computer science information systems or related field
• 8+ years of cybersecurity IT risk management IT audit and/or compliance experience particularly within the financial services sector
• Experience with cloud transformation risk management journey
• Practical knowledge of security in application development DevSecOps and threat modelling