Security Consultant - Cloud Risk Mgmt

Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant you will be a key advisor for IBM’s clients analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities
The Security Consultant is responsible for:

• Centralizing management of IT and Cyber Security Risks
• Providing guidelines and technical support in compiling the Public Cloud Exception and ensuring that risks associated are accurately identified both in relation to IT and Cybersecurity Risks for cloud platform services
• Providing Risk reporting for various stakeholders in IBM Cloud on a periodic basis to ensure that risks are managed effectively

Tooling : Public Cloud Security Exceptions WWBCIT
As a Security Consultant in our team you will participate in some or all the following activities:

• Perform Risk Assessments / Controls Assessment as per NIST 800-53 for IBM Cloud platform
• Contribute to define and establish security strategies and ensure those are aligned with IBM standards public cloud business objectives and are consistent with regulations
• Support the development and implementation of public cloud policy standards guidelines tools and documentation based on industry-standard best practices and compliance requirements for consistent execution of risk management activities
• Provide subject matter expertise of appropriate enterprise programs policies and procedures to be compliant with all applicable regulations including ISO SOC HIPAA PCI FedRAMP/FISMA
• Define and perform Risk based metrics measurement for the Public Cloud offering and perform metrics measurement of the governance structure of the security policies etc.
• Create and monitor awareness and training program throughout the public cloud organisation to ensure risks are raised appropriately by service teams

Required Technical and Professional Expertise

• Bachelor’s in technical discipline Computer Science (or relevant)
• 5+ years’ experience Cyber security program and management
• Extensive experience on IT Risk Information Security governance and management
• Experience in risk assessment processes policy development proposals work statements product evaluations and delivery of technology
• Experience developing and managing a security metrics program
• Experience on regulatory compliance programs (like GDPR FBA FedRAMP/ FISMA HIPAA SOC 2 PCI etc.) and audit procedures
• Strong knowledge of main Information Security standards and framework (NIST series ISO 27000 series CSA etc.)
• Ability to understand enterprise business computing operations/requirements and in particular Cloud
• Basic knowledge of the critical security controls (Asset Management Inventory Management Access Management Risk Management System and Application Configuration Data Integrity and Protection Business Continuity Network Security Container Security Patch Management)
• Basic technical knowledge and experience on security technologies (like Endpoint protection Data Protection Cloud Security etc.) and on cyber security capabilities (SIEM SOC Vulnerability Management Threat intelligence etc.)
• Advanced problem solving analytical and communication skills to effectively interacts with technical subject matter expert as well as exec level stakeholders

Preferred Technical and Professional Expertise

• Security/privacy specific training/certification such as CRISC CIPT CISSP
• Experience with operations of data centers or Cloud and network security including security systems such as firewalls intrusion detection vulnerability scanning OS patching health checking
• Experience with container-based architectures and implementations such as Kubernetes docker etc.
• Project Management knowledge and experience