Cloud Security Architect

ln the context of Sodexos global digital transformation and within the Global IT Security team, you are able to analyze and understand security challenges in the Cloud. You can devise a relevant approach to maintain and keep secure our Azure ecosystem, and you can also issue security requirements for IT projects, either migrated or born in the Cloud.

Responsibility:

• Define technical and functional security pre-requisites in main cloud projects, in line with IT and information security strategies, notably regarding digital identities, and cloud integration
• Review Azure Cloud services and propose security requirements in line with the Sodexo IS&T Security Framework
• Contribute to the definition, drafting and roll-out of security policies, directives, and guidelines
• Manage cloud security projects (identification and formalization of requirements, testing and selection of solutions, contract negotiation, implementation)
• Support entities in deploying security solutions taking into account business requirements (internal business owners, clients, BU CIOs, group internal control, group internal audit, external auditors, )
• Provide assistance to regions and BU's to migrate and/or deploy workloads in Sodexo public cloud
• Assess security risks and define appropriate security measures and processes in main business projects to protect data and systems prior go-live and roll-out
• Analyze business and IT requests impacting information and systems security in the Sodexo public cloud, and propose mitigating measures

Required Skills:

• BS in Computer Science or Information Security, MS in Computer Science or Information Security is preferred.
• 3 to 6+ years of experience in Information Security (consulting, audit, architecture)
• At least 2 years of experience with public cloud (Azure preferred)
• Strong technical background (network, system, database, application)
• Experience and knowledge in risk assessment methodologies (ISO27005, eBIOS, etc.)
• Cloud certifications/trainings are preferred (e.g. MS AZ-500, AZ-30x, SANS SEC545)
• Information Security Certification is a plus: ISO 27001, CISSP or CISM or other equivalent
• Strong interpersonal and communication skills, ability to convince, and interact with people at all levels of the IS&T organization
• Fluent in English, with excellent writing skills