Cyber/Cloud Security & Risk Officer

Profile Required

Experience : 10 yrs+

- Defines, publishes and maintains processes for Security Governances, Risk and Compliance (GRC) for public cloud (AWS and Azure)

- Define cyber controls for public cloud platform, whilst adhering to a centralized methodology

- Updating and documenting security controls as an accountable part of the public cloud expertise team (e.g.: code security audit)

- Recommending changes to policies or procedures based on new threats or vulnerabilities identified

- Build and enforce hardening checklist comprises of industry's best practices for public cloud

- Provide design time review and guidance to teams building and deploying solution to public/private/hybrid cloud. (Security by Design)

- Conduct risk analysis and define/monitor associated mitigation/remediation plans

- Validate and communicate on the hardening of services and assess the maturity of application/service/infra against the defined security framework

- Carry out monitoring and propose functional improvements within the scope of intervention (security framework, risk analysis....),

- Collecting evidence and performing technical and functional acceptance tests in the context of "infrastructure and service hardening" projects,

- Conducting vulnerabilities scans with automated tools (SAST/DAST etc) to identify potential security issues

- Support/advise the operational security teams (Operation Security Manager),

- Security code review on all the developed infra components.

Expected Deliverables

- Service/Application/Infra maturity reports (assessment report). Assessment against defined maturity model

- Risk analysis file

- Blueprint and/or technical notes,

Services/Infrastructures security compliance reports based on the controls defined and specified (ex: vulnerability management, code audit,.).

Specific Context

- Cybersecurity:

Security audit and framework (ISO 27001, NIST, PCI-DSS): Intermediate to Expert

Pentest knowledge (OWASP, methodology, hacking): Intermediate to Expert

- Public Cloud infrastructure & security (AWS, Azure): Intermediate

Security and Code Audit:

- Amazon Web Application Firewall, Guard Duty, Inspector, IAM Access Analyzer, cloud Trail, Shield, Macie, Config, security Hub

- Azure Security Center, Firewall, DDoS protection, Sentinel, Web Application Firewall (WAF),

- Development knowledge (python, Git, .)

- DevOps tooling and DevSecOps knowledge