Service Key activities:
Collaborates with the delivery of a Cloud Security Roadmap in multiple security areas (patching, vulnerability, hardening, anti-malware) and govern action plans for each customer to become fully compliant;
Coordinates work into the security functional teams incl. tracking of progress to check whether action plans are met and full reporting on technical as well on executive management level;
Performs data quality analysis to identify gaps and trigger actions to resolve them across the client´s Cloud Infrastructure product owners and key stakeholders in order to ensure accurate security information as a pre-requisite for sustainable and correct data analysis;
Performs cloud data analysis to identify Cyber Security Baseline compliance gaps (asset coverage and process maturity), define scope, activities, high/low-level plan;
Supports the implementation of automated reporting (Public/Private Cloud Service Review reporting, Public/Private Cloud IS Leadership Team) by providing the business requirements aimed to get a central view of cloud security and compliance for the entire cloud estate;
Provides periodical or on-demand effective reports across security controls and global initiatives (such as CCS, SEP, WMPC, SECURED) for different audiences (Technology Leadership team, Service Review meeting, technical teams).
Key-responsibilities:
Definition of business requirements to implement, maintain, and automate standard reporting on client´s Public/Private Cloud Services;
Collecting/cleaning/updating of datasets and processing of data models;
Extraction and synthetic representation of complex analyses carried out by other professionals;
Participate in the governance of security projects related to client´s Public/Private Cloud Services by ensuring the necessary information;
Security reports production on coverage & compliance as per policy to be shared with local markets/Group entities, as well as with technology leadership team;
Govern data quality assurance to be stored in a central repository (e.g. cloud asset inventory tool / internal security tool).
Key-deliverables:
Fully automated reporting;
Regular security report sharing and ad hoc analysis;
Security-related action plans;
Full quality of security information within the Security tool and other applications in use.
Experience, Skills & Competencies:
Consolidated knowledge of the cloud computing paradigm, related technologies and service models;
Consolidated knowledge of Oracle Cloud Infrastructure;
Information security governance (implementation of policies, guidelines and processes);
Consolidated knowledge of IT and data center standards and regulations (e.g. ISO27001 / 20000 /9001, SOX, GDPR, PCI) and of the ITIL framework;
Proven project management experience;
Experience with project management in an information security context;
Strong coordination, analytical and presentation skills;
Fluent English (minimum level required: B2);
3 – 5 years of practical experience in IT Operations, security functions;
Strong organizational and project management skills with the ability to think strategically but work tactically to get things done quickly;
Strong attention to detail;
Self-starter with a strong work ethic;
Excellent communication and presentation skills with the ability to effectively influence and communicate with executive levels of management internally and across external partners.
Must have technical/professional qualifications:
Cloud Operating Model – emphasis on Oracle Cloud Infrastructure;
General background of IT service & security management & governance (e.g. patching, VN remediation, hardening, endpoint protection)
Scripting knowledge (Python, Ruby, Rust, etc.);
General understanding of agile methodologies;
Ability to work across international and distributed teams in a virtual environment;
Able to deal with international customers and partners;
Proficient in MS tools: Excel, PowerPoint;
Experience to work with big data platform.
