What you'll do:

Principal Accountabilities: Key activities and decision making areas

Impact on the Business/Function

- Provide Technical SME oversight of the continuous monitoring for Cloud Platforms Risk and Controls. For example: challenge and validate the shared platform's controls design, operation, effectiveness rational, oversight of mandatory procedure and adherence to operating instructions, KCI definitions and execution, continuous monitoring plan and issue/action updates; assess overall security operational readiness per platform.

- Provide Technical SME support for critical business cloud adoption including workloads (direct use of cloud on org. managed cloud platform; indirect use on cloud SaaS workloads) by providing technical opinion on the workloads controls designs (sampling IAM roles permissions, configurations design/settings), and cloud risk assessment (threat modelling, pen testing) depth and quality prior to going live.

- Provide Technical security opinion to risk and control owners, to ensure effective policy compliance, help identify improvements, share best practices and response to issues and cloud incidents. For example, providing SME guidance on security baseline for native cloud products prior to adoption by IT Developers, monitoring and assessing deviation from cloud native products security patterns.

- Regularly and formally document and communicate information and cyber technology risk observations, and ensure risk management items are appropriately captured in Group's operational risk management systems (i.e. HELIOS).

- Offer SME support on the newly design cloud journey approval process, technical opinion on the adequacy of exit planning, metrics for measure risk aggregation in cloud and risk assessment methodology for cloud workload and platform.

- Offer opinion on the suitability of native Cloud security tooling vs 3rd party vendor security tooling e.g. containers scanning, federated IAM for control improvements

- Attend project steer-cos, workshops, provide independent reporting, packs and evidence for internal and external audit

- Coordination of activities across stakeholders

- Provide periodic view on 2LOD view of the cloud platform top security concerns, maturity, and operational readiness for non-technical stakeholders

Qualifications

What you will need to succeed in the role:

- Strong level of business knowledge and Cloud security risk expertise

- Strong level of risk management knowledge and relevant experience

- Comprehensive knowledge of the internal control environment

- Academics: Graduate or Post Graduate in Computer Engineering or related field

- Overall experience of 14+ years

- Should have worked in banking & risk environment

Key Capabilities

- Information security and risk consultancy

- Programming / engineering / Architecture experience in GCP (min 2 years +)

- Automation scripting (using scripting languages such as Terraform, Ansible etc.) (min 2 years +)

- GCP Certifications, in particular security certifications e.g. GCP Certified Security engineers.

Desirable Skills

- Security and Technology Risk certification (CCSK or CCSP) and CRISC

- Technical knowledge (CSP's, IAM, OS, CI/CD and automation tools)

Role context

- The role holder will maintain close working relationships with the wider ORR team, globally.

- serves the needs of retail, corporate and institutional clients delivering innovative and integrated financial solutions. The Risk function discharges oversight on the management and monitoring of financial and non-financial risk by the businesses and their support functions.

- The importance of non-financial risk and control has increased in recent years and is now the most influential subject for senior management, boards, and regulators. An organisation's ability for effective identification, measurement and mitigation of non-financial risk will have a significant impact on the achievement of strategic objectives.

- The role has influence over a wide group of stakeholders and employees across the organisation.

Operational Resilience Risk (ORR) is the 2nd LoD function, part of Global Risk and independent from day-to-day operations of the 1st LoD (Technology, Cyber Security, etc), acting to ensure that operational resilience including cyber information security risk across the bank is appropriately managed.

The Cloud Security Risk Role drives risk management oversight of use of information technology provided either by Technology function or third parties, focused on cloud adoption and provision. This role will closely interact with control owners and Technology teams in 1LoD, providing oversight and challenge as to the bank's secure use of cloud-related technologies against various internal and external information and cyber security threats, and whether plans to mitigate related risks are appropriately robust and sufficient.

The focus is on cloud and information security risk oversight for related people, process, and technology components.

This a technical role and requires and a combination of hands-on experience in Cloud Technology and Cyber security risk consultancy.

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.