Cloud Security Lead
This role presents a dynamic opportunity to ensure the secure operation of global information technology (IT) cloud-based and acquired/merged infrastructure and processes, through developing and implementing new Cybersecurity safeguards, amending and improving existing safeguards, as well as contributing to implementation of necessary security measures and controls within projects across the enterprise.
The position plays a part in our Information Security team and will provide an excellent opportunity to liaise with key external and internal stakeholders while strengthening our Information Security function.
Required skills and qualifications:
* Minimum of 7 years of professional experience in Information Security, IT Delivery, IT Program Management and other related areas
* Experience with cloud security and cloud security platforms such as CASB, SASE, CSPM, CWPP, SaaS security, CSP (Azure and AWS) IaaS/PaaS security
* Experience with Palo Alto Prisma Cloud for Cloud Security Posture Management and Cloud Workload / Container Security
* A CISSP, CISM, CCSP or equivalent professional certificate is mandatory
* An ITIL, project management or IT architecture, such as TOGAF, CEH or GIAC or other related certificates are preferred
* Working knowledge of IT governance frameworks and standards such as CobiT, ITIL, ISO27001, NIST cybersecurity framework
* Working knowledge of IT architecture frameworks such as TOGAF and/or project management methodologies
* Working knowledge of regulatory and legal requirements frameworks related to information security for healthcare data, such as HIPAA, EU Data Protection Directive and/or equivalent regional frameworks is preferred
* Experience in information security related positions with working knowledge of IT infrastructure, networks design, databases, processing systems, web applications, mobile technology, cloud, big data, virtualization, protocols and technologies supporting encryption, authentication, access control, information systems attack patterns, intrusion detection, and network security
Key responsibilities will include:
1. Lead and support deployment of cloud security solutions such as CASB, SASE, CSPM, CWPP and other enterprise security platforms
2. Drive security architecture and cloud security across the organization including researching and implementing technologies to secure environments and solutions
3. Lead and drive key projects including leading solution design, tool evaluation and selection, proof of concept evaluations with stakeholders, operationalization and transition solutions to BAU teams
4. Evaluate market offerings, drive Proof of Concept evaluations, and collaborate with stakeholders to identify solutions to be used in designs
5. Support a security program focusing on cloud environments (including hybrid cloud), as well as traditional on-premises environments and environments acquired through M&A
6. Work with teams to design and build centralized compute environments with a focus on Microsoft Azure and Amazon AWS CSP environments
7. Document standards, requirements and security guidance for stakeholders to drive security with teams
8. Work with the Information Security team to drive Security by Design and collaborate with stakeholders to shift left by integrating security early in design processes by providing guidance, clear objectives and requirements and by working with teams to threat model and identify risks associated with designs
9. Work with stakeholders to develop the improvement of the landscape of technical security safeguards, including assessment and deployment of new capabilities, technologies, and systems
10. Develop secure architecture strategies for IQVIA with respect to technology domain standards and design goals
11. Ensure delivery of the security architecture frameworks, design templates, standards, reference architectures and guidance materials in alignment with the IQVIA Integrated Information Security Framework (IISF)
12. Research and identify emerging technology solutions that reduce costs, increase efficiencies, provide more value, provide more capabilities, reduce risks, and increase security posture
13. Evaluate information security components and conduct feasibility studies for selecting appropriate and cost-effective solutions
14. Engage with third-party specialist service providers and vendors where necessary to support program deliverables, including carrying out vendor and product selections and organizing necessary operational support