Cloud Cyber Security Solutions & Advisory – VP

About The Position

Requirements

• At least 6-8+ years' experience in a combination of risk management, Cloud information security, secure coding, application security, and IT roles. Audit and Cyber Risk Institute framework prior experience a plus.
• Expert in security configuration with a focus on executing information security risk assessment/testing methodologies, Secure Software Development Lifecycle, evaluating the adequacy and efficiency of internal controls; and identifying issues resulting from internal and/or external compliance examinations especially in cloud environments.
• Experience with process documentation and designing/executing control test scripts.
• Working knowledge of application security principles, secure SDLC practices and common vulnerabilities impacting applications
• Experience with tools such as SAST, DAST and threat modeling
• Experience assessing modern application architectures, including API’s, microservices, containers and cloud-native apps
• Ability to interpret vulnerability scans, penetration test results, SAST and DAST reports and translate findings into risks the business understands
• Understanding of the regulatory environment and regulations related to technology risk, and Office of the Comptroller of the Currency (OCC) and Federal Reserve Board (FRB) expectations.
• Professional certifications in major cloud providers for security such as AWS Certified Security – Specialty, Microsoft Certified: Cybersecurity Architect Expert or Azure Security Engineer Associate and other related certificates such as Certified Information System Auditor (CISA), Certified Information Systems Manager (CISM), Certified Information Systems Security Professional (CISSP).
• Ability to constructively work both independently and in collaborative environments involving all levels of management and employees.
• Ability to manage multiple priorities concurrently, prioritize, and efficiently complete responsibilities while maintaining the highest quality.
• Bachelor's degree in related IT or Information Security disciplines.
• Excellent analytical, organizational, and conceptual skills.
• Excellent oral and written communication skills.

Responsibilities

• Define comprehensive, cloud-aware security controls for applications prior to architectural design, ensuring alignment with enterprise risk appetite and regulatory mandates.
• Develop control requirements that span IaaS, PaaS, and SaaS models across major cloud providers and hybrid environments.
• Identify risks in cloud resources and collaborate with technology teams, control partners, and business stakeholders.
• Ensure controls address data confidentiality, integrity, availability, and non-repudiation, with clear delineation of responsibilities between enterprise and application teams.
• Integrate regulatory and compliance requirements into control specifications.
• Perform risk assessments on applications across development and production environments, including code reviews
• Review third-party application architectures and identify risk
• Collaborate with development, DevOps and App Sec teams to understand application architectures and identify potential security risks
• Create threat models for applications, review output from DAST and SAST reviews, penetration testing reports
• Participate in security governance of SDLC, design reviews and secure coding standards (OWASP)
• Utilize the MITRE ATT&CK framework to identify and mitigate threats effectively.
• Cross-train other teams on threat modeling techniques and best practices.
• Analyze existing solution architectures to validate alignment with expected control baselines.
• Identify and challenge architectural patterns that may introduce risk or fail to meet evolving threat and compliance landscapes.
• Recommend compensating controls or alternative design strategies where necessary.
• Ensure all controls are traceable to business risks, regulatory requirements, and internal policies.
• Collaborate with compliance, legal, and audit teams to ensure control frameworks support regulatory examinations and internal audits.
• Act as a bridge between cybersecurity, cloud architecture, application development, and compliance teams.
• Lead control design workshops and cloud risk assessments during early stages of the SDLC and cloud migration initiatives.
• Stay current on emerging cloud threats, misconfiguration risks, and evolving regulatory expectations in the financial sector.
• Participate in cloud security communities and working groups to benchmark and improve internal practices.
• Monitor emerging security threats and vulnerabilities specific to application security

Benefits

• comprehensive health and wellness benefits
• retirement plans
• educational assistance and training programs
• income replacement for qualified employees with disabilities
• paid maternity and parental bonding leave
• paid vacation
• sick days
• holidays