Cloud Security & Compliance Expert

Date:  06-Aug-2022
City:  Łódź
Company:  GFT Technologies SE

 

Job Description:

 

As a Cloud Security & Compliance Expert, you will manage the impact of the various financial legal regulations on the technical (often cloud-based) solutions and deployments of GFT customers.

 

You will be responsible for interpreting and mapping legal regulations to include their technical/technological aspects within the IT infrastructure, applications’ configuration and the overall IT architecture landscape.

 

You will advise GFT customers on implementing security requirements and help stakeholders with any matter concerning security (mainly arising from cloud-hosted projects). You will be responsible for managing security assessments to determine the state of cloud security. You will be expected to keep up to date on the latest security threats and cloud technologies.

 

Alongside the above responsibilities, you will take part in defining GFT's security offering and contribute to the various internal security processes, i.e. evaluations of internal IT-related projects, vulnerability and patch management, and security analysis. You will participate in reviews of cloud security products to provide technical guidance on the direction the GFT offering should take in the mid and long term.

 

Involvement in customer projects: 80%

Involvement in internal projects: 20%

 

The target involvement can vary over time, depending on current customer demands.

 

 

Main job tasks and responsibilities:

 

  • Providing technical advice on how to map security-related legal regulations to customers’ deployments/solutions
  • Designing security architecture and minimum safeguards for cloud deployments, and introducing security baselines
  • Providing in-depth technical advice to customers and internal teams on following cloud security best practices and adjusting to market standards and external regulations
  • Deploying and maintaining 3rd party security products in cloud environments for GFT customers
  • Evaluating compliance/security posture in customers’ deployments
  • Contributing to the Global Security Practice in building a common knowledge base on cyber security / information security
  • Developing and managing the content of GFT cloud security standards
  • Conducting compliance evaluations/analysis against defined requirements, both legal and technical
  • Supporting internal IT teams in implementing security requirements and good security practices
  • Researching the latest cloud security threats, analysing the current situation and providing feedback for the internal cloud security knowledge base; providing solutions or workarounds to mitigate the risks

 

 

Education and Skills:

 

  • A Bachelor's degree in Computer Science or similar
  • At least 8 years of experience in IT required
  • At least 5 years of experience in IT Security & Compliance required
  • Good English written/verbal communication skills
  • Familiarity with basic security concepts: CIA triad, SoD, least privilege, need-to-know, defence-in-depth, open design, AuthZ, AuthN, RBAC, fail securely, avoid “security by obscurity”, data security “at rest” and “in transit”
  • Knowledge of legal regulations that affect regulated sectors, especially the financial industry, e.g. GDPR, PSD2; or at least the ability to navigate legal requirements freely and interpret them for technical solutions
  • Knowledge of IT security frameworks and standards is required (ISO2700x, CIS Benchmarks, NIST, PCI DSS)
  • The ability to translate technical language into business terms is required
  • At least MEDIUM knowledge of at least one of the leading cloud providers is needed (Azure, GCP, AWS); knowledge of hybrid/multi-cloud integrations would be highly appreciated
  • Ability to triage and deep-dive into potential cloud threats and relay risks
  • Demonstrated understanding of IT Security domains: security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing
  • Cross-sectional knowledge of the basics of security technology is required: SIEM, SOAR, IDAM, DLP, IAM, PIM/PUM, BDS; hands-on experience with the usage or deployment of at least one of these would be a great advantage
  • Good understanding of cryptographic primitives and key management best practices
  • Completed certification in one or more of the listed cloud security paths will be an advantage:
    • CCSK by Cloud Security Alliance (CSA)
    • CCSP by (ISC)2 and the Cloud Security Alliance (CSA)
    • ISO27001 Implementer/Lead Auditor
    • PCI ISA
    • Certificate of Cloud Audit Knowledge (CCAK)
    • AZ-500 by Microsoft
    • SCS-C01 by AWS
    • PCSE by Google
  • Certification in CISSP or CASP+ will be of advantage
  • Knowledge of recommendations from the Polish Financial Supervision Authority on IT/IT Security matters would be a great advantage
  • Good presentation skills to provide clear and supportive information to a non-technical audience
  • Ability to work autonomously and to lead assigned tasks from beginning to end. This is a must-have skill for this position
  • A problem solver, not a troublemaker, is definitely needed
  • Ability to work on many tasks at the same time
  • Good team skills, open to other cultures

 

 

We offer you:

 

  • Working in a highly experienced and dedicated team
  • Competitive salary and extra benefit package that can be tailored to your personal needs (private medical coverage, sport & recreation package, lunch subsidy, life insurance, etc.)
  • Permanent or B2B contract
  • On-line training and certifications suited to your career path
  • Free on-line foreign language lessons
  • Regular social events
  • Access to an e-learning platform
  • Ergonomic and functional working space with 2 monitors (you can also borrow monitors and an office chair for your home office)
