15 Fedramp Jobs

We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leader’s role is to determine the secure operation of the all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Generate compliance reports from an existing dashboard or build requirements to create a new reporting dashboard Proactively Monitor, track, and report on security compliance status across systems and processes. Analyze large datasets to identify trends, anomalies, and compliance risks. Support security audits, assessments, and certification efforts through data collection and analysis. Possess strong communication skill, collaborate with cross-functional matrix teams to drive root cause analysis, corrective actions and improvements based on data insights. Maintain and enhance compliance reporting dashboards and metrics for leadership visibility and decision making. Required education Bachelor's Degree Required technical and professional expertise Experience working with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Working with the Development teams to ensure automation of evidence collection and evidence management is always in line with compliance expectations, otherwise, identifies specific actions and owners to meet the expectations. Assisting team members in addressing highly complex security issues applicable to enterprise environment Ability to utilize project management principles to properly scope compliance work efforts by service lines, identify common areas of work, and create a measurable milestone plans across service lines to enable completion of compliance work items on time. Ability to manage multiple priority projects simultaneously under a short timeline Experience/familiar with enterprise risk management (ERM) framework, service delivery operations, software development lifecycle and be able to understand when to request and integrate risk items into compliance reporting. Experience with compliance programs such as FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, PCI, NIST, ISO, ITAR, etc. Conducting regular reviews on compliance progression of systems and hosting internal audit/assessment as required to maintain compliance certifications. Ability to translate and interpret regulatory compliance requirements into technical controls Ability to understand cloud enterprise business computing operations/requirements, and effectively communicate to service lines what is expected in order to consider a work item complete. Also, will possess good understanding of networking security including security systems such as firewalls, intrusion detection, vulnerability scanning, OS patching, health-checking Diagnosing the root cause of problems and propose solutionsExamples would be failed patches, tooling issues, false positives on system tests, authentication problems. Drive and track audit, security and compliance finding remediation to closure. Experience with enterprise configuration Management database (CMDB) or IT Asset inventory Management. Understand CMDB's structure, data quality, relationships between CIs (Configuration Items), and updates. Use the CMDB for risk, audit, and compliance analysis and reporting Proficiency in SQL, Excel (advanced levelpivot tables, macros), and ServiceNow— data analytics and visualization functionalities Ability to process large datasets, identify and handle missing data, data transformation, normalization, and data quality checks. Ability to perform data analysis to discover patterns and trends to mitigate security risks and drive business results Work with stakeholders to define key metrics and KPIs; develop dashboards and reports for business users. Collaborate with database engineers, data owners, security focal, product managers, and broader metrics teams to understand data needs. Results oriented with intense focus on achieving both short and long term goals. He/she should be able to drive and execute an agenda in a fast paced, dynamic environment. Strong project management skills with ability to design visual and appealing presentations Strong collaboration, problem-solving and critical-thinking abilities. Excellent communication skills — ability to explain technical findings to non-technical audiences. Good time management, organizational skills, and ability to prioritize tasks. Curiosity and a continuous learning mindset. A highly organized with strong attention to detail, analytical and project management skills Work independently within a team focused organization. Preferred technical and professional experience Experience or familiar with cloud service models; IaaS preferred. Project management and consulting experience is a plus Experience with process automation is a plus Experience with Linux Shell, Perl or Python is a plus

Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Supporting Data center audits focussed on Physical Security control assessments Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment

Introduction About IBM IBM is a global technology and innovation company. It is the most extensive technology and consulting employer globally, with a presence in 170 countries. The diversity and breadth of the entire IBM portfolio of research, consulting, solutions, services, systems and software, distinguishes IBM from other companies in the Industry. Over the past 100 years, a lot has changed at IBM in this new era of Cognitive Business, IBM is helping to reshape industries as diverse as healthcare, retail, banking, travel, manufacturing, and many more, by bringing together our expertise in Cloud, Analytics, Security, Mobile, and the Internet of Things. We like to say, be essential. We are changing how we craft, how we collaborate, how we analyze, how we engage. Join the next generation of innovators, inventors, and entrepreneurs who are crafting the very way the world works. We want the brightest minds doing work that encourages an environment where growth is supported. IBMers get to discover their potential, so theyre inspired to build breakthroughs that help our clients succeed. Were building teams with dynamic strengths with people who want their ideas to matter. Join us - youll be proud to call yourself an IBMer. Our Culture : IBM is committed to crafting a diverse environment and is proud to be an equal opportunity employer. You will receive consideration for employment without regard to your race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Your role and responsibilities We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leaders role is to determine the secure operation of the all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelors Degree Preferred education Bachelors Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Introduction About IBM IBM is a global technology and innovation company. It is the most extensive technology and consulting employer globally, with a presence in 170 countries. The diversity and breadth of the entire IBM portfolio of research, consulting, solutions, services, systems and software, distinguishes IBM from other companies in the Industry. Over the past 100 years, a lot has changed at IBM in this new era of Cognitive Business, IBM is helping to reshape industries as diverse as healthcare, retail, banking, travel, manufacturing, and many more, by bringing together our expertise in Cloud, Analytics, Security, Mobile, and the Internet of Things. We like to say, be essential. We are changing how we craft, how we collaborate, how we analyze, how we engage. Join the next generation of innovators, inventors, and entrepreneurs who are crafting the very way the world works. We want the brightest minds doing work that encourages an environment where growth is supported. IBMers get to discover their potential, so theyre inspired to build breakthroughs that help our clients succeed. Were building teams with dynamic strengths with people who want their ideas to matter. Join us - youll be proud to call yourself an IBMer. Our Culture : IBM is committed to crafting a diverse environment and is proud to be an equal opportunity employer. You will receive consideration for employment without regard to your race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Your role and responsibilities Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk Required education Bachelors Degree Preferred education Doctorate Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Generate compliance reports from an existing dashboard or build requirements to create a new reporting dashboard Proactively Monitor, track, and report on security compliance status across systems and processes. Analyze large datasets to identify trends, anomalies, and compliance risks. Support security audits, assessments, and certification efforts through data collection and analysis. Possess strong communication skill, collaborate with cross-functional matrix teams to drive root cause analysis, corrective actions and improvements based on data insights. Maintain and enhance compliance reporting dashboards and metrics for leadership visibility and decision making. Required education Bachelor's Degree Required technical and professional expertise Experience working with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Working with the Development teams to ensure automation of evidence collection and evidence management is always in line with compliance expectations, otherwise, identifies specific actions and owners to meet the expectations. Assisting team members in addressing highly complex security issues applicable to enterprise environment Ability to utilize project management principles to properly scope compliance work efforts by service lines, identify common areas of work, and create a measurable milestone plans across service lines to enable completion of compliance work items on time. Ability to manage multiple priority projects simultaneously under a short timeline Experience/familiar with enterprise risk management (ERM) framework, service delivery operations, software development lifecycle and be able to understand when to request and integrate risk items into compliance reporting. Experience with compliance programs such as FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, PCI, NIST, ISO, ITAR, etc. Conducting regular reviews on compliance progression of systems and hosting internal audit/assessment as required to maintain compliance certifications. Ability to translate and interpret regulatory compliance requirements into technical controls Ability to understand cloud enterprise business computing operations/requirements, and effectively communicate to service lines what is expected in order to consider a work item complete. Also, will possess good understanding of networking security including security systems such as firewalls, intrusion detection, vulnerability scanning, OS patching, health-checking Diagnosing the root cause of problems and propose solutionsExamples would be failed patches, tooling issues, false positives on system tests, authentication problems. Drive and track audit, security and compliance finding remediation to closure. Experience with enterprise configuration Management database (CMDB) or IT Asset inventory Management. Understand CMDB's structure, data quality, relationships between CIs (Configuration Items), and updates. Use the CMDB for risk, audit, and compliance analysis and reporting Proficiency in SQL, Excel (advanced levelpivot tables, macros), and ServiceNow— data analytics and visualization functionalities Ability to process large datasets, identify and handle missing data, data transformation, normalization, and data quality checks. Ability to perform data analysis to discover patterns and trends to mitigate security risks and drive business results Work with stakeholders to define key metrics and KPIs; develop dashboards and reports for business users. Collaborate with database engineers, data owners, security focal, product managers, and broader metrics teams to understand data needs. Results oriented with intense focus on achieving both short and long term goals. He/she should be able to drive and execute an agenda in a fast paced, dynamic environment. Strong project management skills with ability to design visual and appealing presentations Strong collaboration, problem-solving and critical-thinking abilities. Excellent communication skills — ability to explain technical findings to non-technical audiences. Good time management, organizational skills, and ability to prioritize tasks. Curiosity and a continuous learning mindset. A highly organized with strong attention to detail, analytical and project management skills Work independently within a team focused organization. Preferred technical and professional experience Experience or familiar with cloud service models; IaaS preferred. Project management and consulting experience is a plus Experience with process automation is a plus Experience with Linux Shell, Perl or Python is a plus

We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leader’s role is to determine the secure operation of the all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk Required education Bachelor's Degree Preferred education Doctorate Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leader’s role is to determine the secure operation of the all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leader’s role is to determine the secure operation of the all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Minimum of 5 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 3+ years of security compliance audit experience would be more appropriate Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk Required education Bachelor's Degree Preferred education Doctorate Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

About this role: Wells Fargo is seeking a Senior Information Security Engineer In this role, you will: Lead or participate in computer security incident response activities for moderately complex events Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security Review and correlate security logs Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals Required Qualifications: 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications: 4+ years of Software Engineering Information Cybersecurity experience. 1+ year of deep Prisma Cloud Enterprise experience , or experience with a similar Cloud Security Posture Management tool Proven experience creating Prisma Cloud Enterprise custom policies via RQL, or experience with policy development for a similar Cloud Security Posture Management tool Extensive cloud Security knowledge of services, workloads, and hardening practices Knowledge/experience with scripting/automation languages such as Terraform, Python and/or PowerShell Strong verbal and written communication skills Proven ability to work independently, as well as having strong interpersonal skills to work effectively within a Team and with partner Teams. 2+ years of Kubernetes experience Experience in implementing security solutions in Google Cloud Platform or Microsoft Azure Experience with creation of Build policy subtype in Prisma Cloud Enterprise using YAML Knowledge and understanding of DevSecOps and deployment automation to cloud environment Familiarity with of various cloud security and related risk frameworks (COBIT, Cloud Security Alliance (CSA), FedRAMP, etc.) Experience enabling auto-remediation via Prisma Cloud Experience with IAM & Data protection expertise for monitoring and responding to related incidents. Expertise and experience with API driven automation of policy creation Expertise and experience with Infrastructure as Code (IaC) and/or Policy as Code (PaC) concepts/tools Experience with change and incident management practices in medium to large enterprise environments. Knowledge and understanding of Splunk and/or Google Chronicle. Security certifications such as Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), or equivalent. Microsoft Azure and/or Google Cloud Certifications. Knowledge and understanding of CIS and NIST Cybersecurity frameworks. Experience with Agile Scrum or Kanban methodologies. Job Expectations: Leveraging your deep expertise in writing RQL queries to implement new policies to check for cloud resource misconfiguration/configuration drift. Ability to efficiently transform Information Security requirements into Prisma Cloud Enterprise policies both net new policy creation/development, as well as policy modifications/update. Implement changes to support the remediation or burn down of alerts/finding from Prisma Cloud Enterprise scanning. Be a motivated self-starter, quick to adapt and stay focused on delivering results in a fast-paced environment with aggressive deadlines. Working effectively with a virtual Team consisting of members across various locations in the U.S. and India.

Practice:Software and Platform, Industry Consulting, Global Network I Areas of Work:IT Security Governance | Level:Analyst/Consultant Position Overview: As an IT Security Analyst/Consultant specialized in the Software and Platforms industry, you will play a pivotal role in helping our clients enhance their business operations. Youll collaborate closely with clients, business stakeholders, and technical teams to help client organization s look deeper into the security of the ir native environment and improve and embed controls across the company , align ing with industry best practices. Key Responsibilities: 1 - 6 years of strong industry experience in Cybersecurity Strategy, Risk Regulatory Technology ( RiskTech , RegTech ). Should have experience in implementation and assessments of Cybersecurity frameworks (NIST CSF, COBIT) and regulatory guidelines ( e.g. OSFI Technology and Cyber Risk Management (B-13) / Third-Party Risk Management Guideline (B-10)). Must have experience in controls and gap assessments based on industry standards, such as, PCI, NIST 800-53, CIS - CSC and compliance standards/frameworks like ISO 27001/27002, NIST, COBIT, SOX, GLBA, SSAE16/SOC 2, etc. Must have experience and proficient in cyber risk management/control design and testing/ Cybersecurity maturity assessments/ Third Party Risk Management/Supplier or Vendor Risk assessments/ etc Demonstrates knowledge in developing cybersecurity strategies, roadmaps, target operating models, cybersecurity governance models, cybersecurity architecture, cyber policies/standards/ procedures and Board presentations/reports/material. Develop and tailor approaches, methods, and tools to support clients cyber risk programs and initiatives . Strategically drive the development and execution of risk assessments and mitigation plans to enhance the clients ability to identify , evaluate, prioritize, and mitigate risks . Qualifications Qualifications: Masters degree in business , Computer Science, Information Systems, or a related field. Hands on experience working with industry standards and frameworks (e.g., ISO 27001, NIST, HIPAA, FedRAMP, PCI) Demonstrated problem-solving capabilities, and ability to manage complex security requirements. Self-motivated, directed and well-organized, with the ability to see projects through to closure. Excellent communication skills, both verbal and written, for effective interaction with clients and clear communication of technical concepts to non-technical stakeholders. Collaborative team player with the ability to provide thought leadership on cybersecurity solutions. Experience in facilitating workshops, gathering requirements, and presenting to clients. Relevant certifications in cybersecurity/ IT governance/ ISO or related fields are advantageous . Good to have knowledge and experience with GRC tools such as Archer, OpenPages Explore an Exciting Career at Accenture Are you an outcome-oriented problem solverDo you enjoy working on transformation strategies for global clientsDoes working in an inclusive and collaborative environment spark your interest Then, Accenture Strategy and Consulting is the right place for you to explore limitless possibilities. Find endless opportunities to solve our clients toughest challenges, as you work with exceptional people, the latest tech and leading companies in Software and Platforms space.

Are you interested in working in one of the most impactful areas of technology in the world today? Do you want to build generative AI skills while working on a project to transform the most mission-critical IT workloads for organizations that power the global economy? Come join the team that is at the intersection of cutting-edge gen AI and mainframe software development, a key strategic pillar for IBM. As a Gen AI Transformation developer, you will leverage a highly tuned state-of-the-art large language model to transform code from one input source language to another. Role and Responsibilities Analyzing potential areas where non-compliance could occur and proposing mitigation strategies. Creating and updating company policies and procedures to reflect regulatory requirements. Providing compliance training to employees on relevant policies and procedure. Assessing potential security risks and prioritizing mitigation strategies, including PSIRTs and CSIRTs. Develop automation that will improve the reporting, including the creation of dashboards Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise 2+ Years of IT experience. The candidate must have demonstrated: Working knowledge of security concepts including IT security standards, threat modeling, access management, risk analysis. Familiarity with actioning non-compliances, such as vulnerabilities and proposing mitigation strategies Abilities to respond to potential cyber threats through vulnerability scanning, analyzing network traffic, and staying updated on emerging security trends Basic knowledge of security tools Preferred technical and professional experience The candidate should ideally have working knowledge of: Industry regulations and laws to identify potential compliance issues, including: HIPAA, NIST, SOC 2, FISMA, FedRamp, Privacy requirements. Interacting with external agencies to address compliance inquiries and audits. Typical security processes, product lifecycle, penetration testing, architectural diagrams and threat modeling.

The Senior Cloud Security Engineer will lead the deployment, integration, and operationalization of the Cloud Security Posture Management and Cloud Workload Protection Platform within a multi-cloud environment. The Cloud Security Engineer will have very solid interpersonal skills, be a self-starter, and have a desire to maintain enterprise-wide visibility to initiatives related to cloud-based technologies and services. The Cloud Security Engineer is an individual contributor role with deep expertise in Cloud Security and Cloud Engineering best practices. Primary Responsibilities: Implement, maintain, and improve the CSPM and CWPP toolsets in a multi-cloud environment Design, implement and manage security controls to safeguard cloud infrastructure and data Conduct security assessments and audits to ensure compliance with federal regulations and standards (e.g. FedRAMP, NIST) Collaborate with cross functional teams to identify security requirements and develop solutions Develop and maintain security documentation including policies and procedures Stay current with emerging security threats and technologies, providing recommendations for continuous improvement Mentor and provide guidance to junior security engineers and other team members Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: Undergraduate degree or equivalent experience 3+ years of experience in cloud security engineering with 2+ years in a senior or lead role 3+ years of experience working with a wide array of operating systems (e.g. Linux, Windows, Ubuntu, etc.) 2+ years of experience working directly in AWS, Azure or GCP in an enterprise environment 2+ years of experience in scripting and automation focused on cloud-based deployments utilizing languages/frameworks such as Python, Terraform, Cloudformation, etc. 2+ years of experience with container security and orchestration tools (Docker, Kubernetes, etc.) Experience with DevSecOps practices and integrating security into CI/CD pipelines Knowledge of advanced threat detection and response techniques Familiarity and in-depth knowledge of FedRAMP and NIST security frameworks and compliance standards Solid understanding of fundamental security principles/concepts (Networking, Encryption, IAM) Proven outstanding written and verbal communication skills, with the ability to work collaboratively in a team environment Proven excellent problem-solving skills, with the ability to analyze complex security issues and develop effective solutions Preferred Qualification: Relevant security certifications - CISSP or equivalent