Job Description

Cloud Platform – Security Compliance Architect
1 Openings • Deadline 22 May 2021
About the job

We have a team of security compliance leaders and architects overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM.

The candidate will work within a multi-disciplinary team to support business units and corporate functions to assess, develop and implement solutions aligned with security policies, strategy and requirements. A security compliance architect will perform the following types of functions:

  • Provide guidance on security architecture, practices & solutions to help business units build & deliver solutions
  • Design and contribute to security architecture processes that enable the enterprise to develop and implement secure solutions and capabilities that are clearly aligned with the business, technology, and threat drivers
  • Develop global security standards for technology platforms, participate in the development and update of key security controls
  • Test control evidence to determine effectiveness of control implementation
  • Participate in cloud and application security strategic planning and execution. These initiatives and programs will feed directly into the organization-wide strategic security plan.
  • Participate in discussions related to building secure, resilient and cloud-ready solutions based on multi-tenancy architecture, cloud-native development, etc.
  • Provide leadership, guidance, and direction in the design and implementation of automated solutions, based on a set of standards and processes that enable our application developers to easily consume security and compliance services.
  • Responsible for coordinating with other Engineers, Architects, and teams in implementing a comprehensive cloud and application security program in a DevOps environment.
  • Experienced in leveraging DevOps tools to build, harden, maintain and instrument a comprehensive cloud-based security orchestration platform to be consumed in product CI/CD pipelines.
  • Mentor other teams on security.

The security compliance architect will participate in some or all of the following:

  • Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with regulations governing the banking and financial services industry
  • Having the ability to utilize working knowledge of information security best practices such as NIST SP 800 series and ISO 27000 series
  • Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner
  • Developing, implementing, maintaining, and overseeing enforcement of security policies
  • Collaborating with security compliance leaders and technical security teams to define and implement security processes and procedures based on financial services requirements and industry-standard best practices. Defining the requirements and validating the procedures and audit testing methodology
  • Assisting team members and internal clients in addressing highly complex security issues applicable to the banking and financial services cloud environment

Required Skills:

  • 10+ yrs of IT industry experience; successful security compliance architects will possess 3-5 years of experience demonstrating the following skills or knowledge (required)
  • Ability to understand and interpret laws and regulatory requirements related to the protection of financial and other sensitive data, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk
  • Experience with Cloud operations and network security services, including firewalls, intrusion detection, vulnerability scanning, OS patching, system hardening/health checking
  • Experience with container-based architectures and implementations such as Kubernetes, Docker, etc.
  • Excellent knowledge of security and risk management trends as well as emerging threats and vulnerabilities
  • Expert knowledge of security controls and countermeasures including practical experience with identity management, cyber-security and IT processes / solutions
  • Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology

Valuable experiences include (preferred):

  • Experience with compliance programs such as HiTRUST, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, SOC 2, or PCI
  • Diagnosing the root cause of problems and proposing solutions
  • Expertise in system configuration, especially privilege control, and system level firewall
  • Working in a challenging production environment
  • Administering systems that are internet facing
  • Excellent knowledge of application development methodologies (Agile, Waterfall, DevOps) and the processes and practices used to secure them
  • Strong leadership and facilitation skills with an ability to build relationships with stakeholders
  • Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions
  • Excellent oral, written and interpersonal communication skills
  • Highly self-motivated, self-directed and attentive to detail
  • Project Management knowledge and experience a strong plus

Education considerations include:

  • Computer science BS or equivalent
  • Security/privacy specific training such as CIPT, CRISC, CISSP

  • Btech/BE
  • Mtech
  • (Equivalent profile accepted)
Skills Required

Security, Audit, Compliance

Fulfillment Required
Job Type


Job Location


Work Experience

10-20 years


10-27 Lacs

Functional Area

IT Software - Client/Server Programming

Industry Type

IT-Software / Software Services

Published On

29 Apr 2021