Service Key activities:
Collaborates with the delivery of a Cloud Security Roadmap in multiple security areas (patching, vulnerability, hardening, anti-malware) and govern action plans for each customer to become fully compliant;
Coordinates work into the security functional teams incl. tracking of progress to check whether action plans are met and full reporting on technical as well on executive management level;
Performs data quality analysis to identify gaps and trigger actions to resolve them across the client´s Cloud Infrastructure product owners and key stakeholders in order to ensure accurate security information as a pre-requisite for sustainable and correct data analysis;
Performs cloud data analysis to identify Cyber Security Baseline compliance gaps (asset coverage and process maturity), define scope, activities, high/low-level plan;
Supports the implementation of automated reporting (Public/Private Cloud Service Review reporting, Public/Private Cloud IS Leadership Team) by providing the business requirements aimed to get a central view of cloud security and compliance for the entire cloud estate;
Provides periodical or on-demand effective reports across security controls and global initiatives (such as CCS, SEP, WMPC, SECURED) for different audiences (Technology Leadership team, Service Review meeting, technical teams).
Definition of business requirements to implement, maintain, and automate standard reporting on client´s Public/Private Cloud Services;
Collecting/cleaning/updating of datasets and processing of data models;
Extraction and synthetic representation of complex analyses carried out by other professionals;
Participate in the governance of security projects related to client´s Public/Private Cloud Services by ensuring the necessary information;
Security reports production on coverage & compliance as per policy to be shared with local markets/Group entities, as well as with technology leadership team;
Govern data quality assurance to be stored in a central repository (e.g. cloud asset inventory tool / internal security tool).
Fully automated reporting;
Regular security report sharing and ad hoc analysis;
Security-related action plans;
Full quality of security information within the Security tool and other applications in use.
Experience, Skills & Competencies:
Consolidated knowledge of the cloud computing paradigm, related technologies and service models;
Consolidated knowledge of Oracle Cloud Infrastructure;
Information security governance (implementation of policies, guidelines and processes);
Consolidated knowledge of IT and data center standards and regulations (e.g. ISO27001 / 20000 /9001, SOX, GDPR, PCI) and of the ITIL framework;
Proven project management experience;
Experience with project management in an information security context;
Strong coordination, analytical and presentation skills;
Fluent English (minimum level required: B2);
3 – 5 years of practical experience in IT Operations, security functions;
Strong organizational and project management skills with the ability to think strategically but work tactically to get things done quickly;
Strong attention to detail;
Self-starter with a strong work ethic;
Excellent communication and presentation skills with the ability to effectively influence and communicate with executive levels of management internally and across external partners.
Must have technical/professional qualifications:
Cloud Operating Model – emphasis on Oracle Cloud Infrastructure;
General background of IT service & security management & governance (e.g. patching, VN remediation, hardening, endpoint protection)
Scripting knowledge (Python, Ruby, Rust, etc.);
General understanding of agile methodologies;
Ability to work across international and distributed teams in a virtual environment;
Able to deal with international customers and partners;
Proficient in MS tools: Excel, PowerPoint;
Experience to work with big data platform.