Cloud Security with Governance Analyst
Required Experience
5+ years of experience
a. Conducting compliance assessments by understanding business objectives, structure, policies and procedures, internal controls, and external regulations
b. Performing continuous readiness and remediation tracking of cloud services and applications compliance and risks for data protection audits
c. Appling Identity Management, Secure Development, Asset and Configuration Management knowledge and expertise to prevention and built-in compliance design challenges
· Strong analytical and problem solving skills are needed to perform the job of a Cloud Security and Governance Advisor
· Ability to establish and maintain effective working relationships with application teams, first and second-level cloud control leaders/owners, and internal/external partners
· Experience in security monitoring methods, log analysis and security remediation consultation for data protection methods, vulnerabilities in cloud and software-enabled technologies
· Should be familiar with relating cyber threats such as viruses, spoofing, ransomware, and malware to preventive and detection services configured as cloud controls
· Should be familiar with emerging security threats and their attack vectors in components that enable cloud-native services, container and identity access management technologies
· Must be self-motivated and can function as an effective team member with little supervision and work instructions
· Document system technical operations, manual and automated processes and controls using descriptive and risk-focused narratives
· Assess the effectiveness of process and management controls against cloud control requirements defined to maintain required access, data and privacy protections
· Identify and recommend business process changes resulting in strengthened procedural, detective, and logging controls
· Collaborate with control owners to implement process changes and track to completion
· Advise and collaborate on projects by providing DevSecOps controls expertise and considerations
· Apply Identity Management, Secure Development, Asset and Configuration Management knowledge and expertise to prevention and built-in compliance design challenges
· Perform continuous readiness and remediation tracking of cloud services and applications for an audit
· Guide control owners in establishing operational processes and controls for SaaS solutions operating in a cloud provider
Highlights
· Act as escalation point from business teams and
· Primary skill – Cloud Security Controls Remediation Advisor / Monitor
· Some background in general IT controls monitoring, AWS and Azure Clouds Preferred; Good to have SQL query language
· Communication is key – consultative remediate status tracking and monitoring
Preferred Experience
· Possess strong organizational skills, attention to detail, excellent verbal and written English communication skills
· Understanding of network protocols (TCP/IP v4/6, SSL/TLS, IPSEC, FTP, HTTPS etc.)
· Understanding of native cloud compute resources, landing zones and behaviour health metricsWeb Server, database and Security (firewall/NIDS/NIPS) logs and log formats.
· Understanding of String Parsing and Regular Expressions.
· Experience with scripting languages such as python or PowerShell
Responsibilities
Responsible for serving as a Tier 1 Cloud Security & Governance Analyst. Primary duties may include, but are not limited to:
· Perform the detailed and repeatable execution of all operational tasks as documented in Cloud Security & Governance (CS&G) subordinate procedures.
· Monitor CS&G Outlook Inbox and Service Now on-platform team notifications for consults, cloud security exceptions and Remediation Status tracking to closure.
· Perform corrective consults triage cloud control gaps based on cloud security exceptions submissions to include determining cybersecurity risk, and potential business impact.
· Analyze and assess security mitigation statements / narratives and escalate to appropriate internal teams for additional assistance in a timely manner
· Update all relevant documentation such as tickets, remediations and .
· Identify impact of control deficiencies on systems, and using available tools determine if data was exfiltrated.
· Provide tuning recommendations based on findings from assessments or vulnerability and threat information reviews.
· Serve as experts for security/information assurance policy recommendations.
· Build relationships with other client business units to strengthen cloud controls rigors throughout the organization.
· Responsible for long term analysis and investigation into Client cloud activities, and the creation of custom logic to detect unique access to Client’s information assets.
· Draft reports and/or briefings for events/incidents.