Backfill

Job Description

We are looking for a skilled Security Consultant Lead with 9 to 14 years of experience in information security, preferably in cloud security. The ideal candidate will have advanced knowledge of computer science and experience in managing significant Information Security risk management functions. ### Roles and Responsibility Review security architectures and provide pragmatic security guidance that balances business benefits and risks. Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on implementation. Perform threat modeling and risk assessments of information systems, applications, and infrastructure. Maintain Information Security Policies and Compliance standards and enhance InfoSec risk assessment and certification methodologies. Define security configuration standards for shared and multi-tenant platforms and technologies. Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit. Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders. Provide knowledge sharing and technical assistance to other team members, acting as a Subject Matter Expert (SME) in responsible technologies with a deep technical understanding of services and technology portfolios. ### Job Requirements Advanced degree in Computer Science or a related discipline; or equivalent work experience. Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM, or CISA, or similar cloud-security oriented certifications. Minimum 9 years of experience in managing a significant Information Security risk management function. Experience in managing communication of security findings and recommendations to IT project teams, business leadership, and technology management executives. Strong working knowledge of cloud security, infrastructure security, application security, Agile & DevSecOps methodologies, and operational security. Knowledge of common information security standards such as ISO 27001/27002, CSA and CIS Controls, NIST CSF, PCI/DSS, FEDRAMP is preferred. Experience with Azure Active Directory (AAD) based Identity and Access Management and Authorization design and integration with API, IDaaS, and Federation technologies is preferred.