The Senior Information Security Officer – Cloud Governance will be a member of the Business Information Security Officer (BISO) organization. In this role, you will work closely with the line of business BISOs, the company’s cloud governance body, and the Chief Technology Office (CTO) to ensure effective evaluation of and adherence to security requirements and controls for business and technology solutions hosted on public cloud platforms, whether implemented directly by the company with Infrastructure-as-a-Service (IaaS) providers or through third party Software-as-a-Service (SaaS) or Platform-as-a-Service (PaaS) providers. You will be supporting a specialized technology and security area to develop a deep understanding of risks and controls in order to have risk-based information security discussions and enable defensible governance decisions. This relationship will ensure a focus on the right risk priorities. You will also provide guidance on information security topics, policies, processes, and controls as it pertains to cloud computing .
• Possesses strong / experienced technology governance, risk management, or information security background; with solid knowledge of technology lifecycle from sourcing, policy, SDLC (design, testing, deployment), to production operations and the different risk elements associated with each phase.
• Serves as an information security subject matter expert and participates in the establishment and continuous improvement of cloud security requirements and control review of the company’s cloud governance process.
• Provides guidance and advocacy regarding the prioritization of business and technology investments that impact information security for the use of cloud computing technology.
• Advises business and technology management on risk issues related to cloud security and recommends actions in support of the bank's wider risk management and compliance programs.
• Monitors cloud security trends internal and external to the company and keeps governance body and information security leadership informed about information security-related threats and risks.
• Manages quality control and reporting of relevant cloud security governance and evaluation processes.
• Ensures compliance with policies and laws/rules/regulations related to cloud computing and cloud security.
• Drives GIS and LOB cloud governance deliverables that pertain to information security.
• Collaborates with risk partners on info security critical priorities.
• Identifies and measures global information security (GIS) controls related to cloud governance and cloud computing implementations.
• Has a deep understanding of security for cloud computing platforms.
• Ability to build strong partner relationships with peer technology groups.
• Supports the triage process and helps them understand the GIS support structure.
• Drives required risk culture and partnership with peer technology teams.
• Participates in key operating routines to drive information security risk strategy.
• Information Security & Technology professional with 10+ years of information security or technology risk management experience with proven ability to effectively apply risk principles to challenging business and technology situations.
• Strong subject matter expertise in cloud security and development of risk appetite.
• Significant experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms (Cloud – IaaS, PaaS, SaaS).
• Exceptional executive presentation and communication skills; Comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
• Strong leadership skills and qualities which enable you to work with peers and various levels of management; Excellent influencing and problem resolution skills.
Bachelor's degree, or higher, in Information Technology or related field.