Information Security Senior Specialist - Cloud

About The Position

Requirements

• Minimum of 5 years of professional experience designing and implementing cloud security controls.
• Bachelor’s degree in Information Systems or Computer Science, and/or equivalent combination of education and work experience within the domain areas of Cloud Security.
• In-depth understanding of cloud security principles, best practices for Azure and/or AWS platforms, and industry frameworks such as OWASP Top 10, NIST, CSA, CIS benchmarks.
• Experience building and implementing Infrastructure as Code and/or Policy as Code governance strategies.
• Experience conducting security assessments, risk analyses, and developing security concepts.
• Hands-on experience with cloud security tools and technologies such as AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and/or Wiz.
• Extensive knowledge of security tools and technologies such as SIEM, IDS/IPS, DLP, firewalls, PKI, and identity management and how they work in cloud environments.
• Specifically in network security, including AWS networking primitives, security groups, network access control lists, proxies, firewall and WAF technologies.
• Experience with cloud and containerized technologies, AKS, EKS, ECS, serverless, Kubernetes and Docker.
• Extensive knowledge of public cloud service providers and the threats to workloads within those environments.
• Currently hold active AWS Security Specialty or Azure AZ-500 certification.

Nice To Haves

• Master’s degree in Information Systems or Computer Science, and/or equivalent combination of education and work experience within the domain areas of Cloud Security.
• Relevant industry certifications such as ISC2 and SANS GIAC are highly desirable.
• Strong communication and interpersonal skills to work effectively with cross-functional teams.
• Ability to manage multiple projects and priorities in a fast-paced environment.

Responsibilities

• Lead the design and implementation of secure cloud architectures and solutions, ensuring alignment with business objectives and security requirements.
• Maintain and update risk registers and ensure continuous monitoring of cloud security risks.
• Act as a liaison between the security team and other departments to promote a security-first culture.
• Define and implement security controls and policies for cloud environments, ensuring compliance with industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and bank security policies.
• Continuously improve security controls and processes to enhance the organization's security posture.
• Develop and maintain documentation for security controls, policies, and procedures.
• Implement Policy as Code (PaC) using tools like HashiCorp Sentinel, Open Policy Agent (OPA), and Terraform.
• Ensure security policies are embedded in CI/CD workflows.
• Write custom modules, scripts, or extensions to adapt security tools.
• Conduct regular security assessments and audits of cloud environments.
• Conduct risk assessments to identify potential security threats and vulnerabilities in cloud environments.
• Package evidence of security policies deployment and effectiveness.
• Participate in internal and external audits to demonstrate compliance with cloud security requirements.

Benefits

• Access to paid time off
• Resources and support to our employees