4 Fisma Jobs

Introduction About IBM IBM is a global technology and innovation company. It is the most extensive technology and consulting employer globally, with a presence in 170 countries. The diversity and breadth of the entire IBM portfolio of research, consulting, solutions, services, systems and software, distinguishes IBM from other companies in the Industry. Over the past 100 years, a lot has changed at IBM in this new era of Cognitive Business, IBM is helping to reshape industries as diverse as healthcare, retail, banking, travel, manufacturing, and many more, by bringing together our expertise in Cloud, Analytics, Security, Mobile, and the Internet of Things. We like to say, be essential. We are changing how we craft, how we collaborate, how we analyze, how we engage. Join the next generation of innovators, inventors, and entrepreneurs who are crafting the very way the world works. We want the brightest minds doing work that encourages an environment where growth is supported. IBMers get to discover their potential, so theyre inspired to build breakthroughs that help our clients succeed. Were building teams with dynamic strengths with people who want their ideas to matter. Join us - youll be proud to call yourself an IBMer. Our Culture : IBM is committed to crafting a diverse environment and is proud to be an equal opportunity employer. You will receive consideration for employment without regard to your race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Your role and responsibilities We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leaders role is to determine the secure operation of the all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelors Degree Preferred education Bachelors Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Introduction About IBM IBM is a global technology and innovation company. It is the most extensive technology and consulting employer globally, with a presence in 170 countries. The diversity and breadth of the entire IBM portfolio of research, consulting, solutions, services, systems and software, distinguishes IBM from other companies in the Industry. Over the past 100 years, a lot has changed at IBM in this new era of Cognitive Business, IBM is helping to reshape industries as diverse as healthcare, retail, banking, travel, manufacturing, and many more, by bringing together our expertise in Cloud, Analytics, Security, Mobile, and the Internet of Things. We like to say, be essential. We are changing how we craft, how we collaborate, how we analyze, how we engage. Join the next generation of innovators, inventors, and entrepreneurs who are crafting the very way the world works. We want the brightest minds doing work that encourages an environment where growth is supported. IBMers get to discover their potential, so theyre inspired to build breakthroughs that help our clients succeed. Were building teams with dynamic strengths with people who want their ideas to matter. Join us - youll be proud to call yourself an IBMer. Our Culture : IBM is committed to crafting a diverse environment and is proud to be an equal opportunity employer. You will receive consideration for employment without regard to your race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Your role and responsibilities Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk Required education Bachelors Degree Preferred education Doctorate Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge 10+ years of security compliance audit experience would be important Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as SOC2, FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

The impact you will have in this role: In this role, you will be responsible for the functional and technical design of business systems; integration of business services & information security; driving industry-specific best practices & standards; understanding regulatory compliance needs; coordinating test planning & execution; providing leadership to AD teams and acting as technology liaison to all IT areas within DTCC, to the business partners, and to the industry. Leading projects, teams, code reviews are required to be able to lead by example. Your Primary Responsibilities: As an expert solutions engineer and senior software engineer, mission is to help lead our team of innovators and technologists toward crafting next-generation solutions that improve the way our business is run. Taking part in the development and deployment of Cyberark solution. Create and enforce Cyberark PAM policies and procedures, ensuring adherence to industry best practices and regulatory requirements. Develop and manage the PAM roadmap, including technology upgrades, new features, and integrations. Manage and maintain the CyberArk PAM platform, including Privileged Session Manager (PSM), Central Policy Manager (CPM), Password Vault Web Access (PVWA), and Vault. Defines and factors in performance, scalability, availability, resiliency, security, maintainability, support, testing and cost requirements when making technology selection and application design decisions. Define approaches for modernizing legacy applications including migration to public or private cloud infrastructure. Own the engineering design practices of our software development organization. Lead design reviews session. Collaborate with Infrastructure and Solution Architecture to choose efficient hosting environment. Focus on industry practices such as lose coupling of applications, standardization, APIs, reusability, concepts of isolation, extensibility, extendibility, and consistency of solutions while proposing and reviewing architectures. Identify and solve for non-functional requirements for the platform consumers. Ensures solutions adhere to security policies and standards of firm and industry. Conduct POCs for tools as seen fit for the area. **NOTE: The Primary Responsibilities of this role are not limited to the details above. ** Qualifications: Minimum of 10+ years of experience in Information Security with at least 5 years in Privileged Access Management Bachelors degree in Computer Science, Information Systems or a related field and/or equivalent experience Talents Needed for Success: Extensive experience with CyberArk PAM platform, including PSM, CPM, PVWA, and Vault. Ability to understand architectural diagrams and design Advanced understanding of privileged user life cycle management and controls around privileged access. Experience with AWS, Azure, and/or GCP IAM and PAM concepts Experience with troubleshooting issues with PAM solutions and applications. Sound understanding of regulatory requirements and standards such as GDPR, FISMA, PCI, HIPAA, SOX, FICA, etc Ability to guide teams through sophisticated issues and drive resolution for issues that arise within sophisticated and high-risk applications Ability to effectively translate technical information between vendors, IT management and other internal and external IT teams Ability to work with all levels of management to define requirements associated with PAM services, incorporating security standard processes.

The impact you will have in this role: In this role, you will be responsible for the functional and technical design of business systems; integration of business services & information security; driving industry-specific best practices & standards; understanding regulatory compliance needs; coordinating test planning & execution; providing leadership to AD teams and acting as technology liaison to all IT areas within DTCC, to the business partners, and to the industry. Leading projects, teams, code reviews are required to be able to lead by example. Your Primary Responsibilities: As an expert solutions engineer and senior software engineer, mission is to help lead our team of innovators and technologists toward crafting next-generation solutions that improve the way our business is run. Taking part in the development and deployment of Cyberark solution. Create and enforce Cyberark PAM policies and procedures, ensuring adherence to industry best practices and regulatory requirements. Develop and manage the PAM roadmap, including technology upgrades, new features, and integrations. Manage and maintain the CyberArk PAM platform, including Privileged Session Manager (PSM), Central Policy Manager (CPM), Password Vault Web Access (PVWA), and Vault. Defines and factors in performance, scalability, availability, resiliency, security, maintainability, support, testing and cost requirements when making technology selection and application design decisions. Define approaches for modernizing legacy applications including migration to public or private cloud infrastructure. Own the engineering design practices of our software development organization. Lead design reviews session. Collaborate with Infrastructure and Solution Architecture to choose efficient hosting environment. Focus on industry practices such as lose coupling of applications, standardization, APIs, reusability, concepts of isolation, extensibility, extendibility, and consistency of solutions while proposing and reviewing architectures. Identify and solve for non-functional requirements for the platform consumers. Ensures solutions adhere to security policies and standards of firm and industry. Conduct POCs for tools as seen fit for the area. **NOTE: The Primary Responsibilities of this role are not limited to the details above. ** Qualifications: Minimum of 10+ years of experience in Information Security with at least 5 years in Privileged Access Management Bachelors degree in Computer Science, Information Systems or a related field and/or equivalent experience Talents Needed for Success: Extensive experience with CyberArk PAM platform, including PSM, CPM, PVWA, and Vault. Ability to understand architectural diagrams and design Advanced understanding of privileged user life cycle management and controls around privileged access. Experience with AWS, Azure, and/or GCP IAM and PAM concepts Experience with troubleshooting issues with PAM solutions and applications. Sound understanding of regulatory requirements and standards such as GDPR, FISMA, PCI, HIPAA, SOX, FICA, etc Ability to guide teams through sophisticated issues and drive resolution for issues that arise within sophisticated and high-risk applications Ability to effectively translate technical information between vendors, IT management and other internal and external IT teams Ability to work with all levels of management to define requirements associated with PAM services, incorporating security standard processes.