Security Architect

Introduction
At IBM work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so lets talk.

Your Role and Responsibilities
Are you passionate about Hybrid Cloud architectures? Do you want to help make our Cloud offerings the most secure in the industry? If you answered YES then we have the right opportunity for you!

We are seeking a highly skilled and motivated a Cloud Security Architect (CSA) for the IBM Power Systems Virtual Server offering. The ideal candidate will play a crucial role in ensuring the security and compliance of Cloud infrastructure. The Cloud Security Architect will advise on security initiatives review and evaluate newly proposed cloud and security technologies and work with other teams to secure the cloud infrastructure in accordance with industry best practices and the ever-evolving threat and regulatory landscape. The CSA advises the team on proven design patterns evaluates risks and takes a proactive approach in continually assessing the security of these platforms throughout their lifecycle providing recommendations for enhancing security and adapting to new threats and vulnerabilities.

The Security Architect role focuses on continuous monitoring and strengthening of the Cloud security processes aiming to ensure compliance with internal and external profiles and audits.

Responsibilities:

• Provide security and compliance subject matter expertise on cloud applications and platforms.
• Review new cloud service offerings and partner technologies for potential information security risk as part of IBM’s change management and architecture review processes.
• Ensure compliance of solutions against applicable standards and in accordance with the IBM’s security compliance and privacy policies.
• Stay informed on emerging cloud technologies and evaluate vendor offerings to determine best fit for IBM’s business needs.
• Draft technical documents for systems architectures and processes.
• Collect and validate security controls from IBM and external regulatory profiles.
• Identification of risks threats vulnerabilities and potential anomalous events flows.
• The definition of security processes for assurance management and compliance.
• The design integration and deployment of processes and architectures for end-to-end security including Networks Storage Server Infrastructure Management Applications and Systems.
• Staying current with industry regulations and standards ensuring the organization’s adherence to relevant compliance frameworks including ISO 27K SOC1 SOC2 HIPAA HITRUST PCI DSS and IBM Cloud Financial Services.

Required Technical and Professional Expertise

• Bachelor’s degree in Computer Science Information Security or a related field.
• Minimum of 7 years of experience in a Security and Compliance relevant role or similar.
• Proven experience in security engineering and compliance roles.
• In-depth knowledge of security frameworks (ISO 27001 NIST etc.) and compliance requirements with specific experience in SOC1/SOC2 HIPAA PCI-DSS and FS Cloud.
• Familiarity with industry best practices in areas such as access control encryption and identity management.
• Strong understanding of networking protocols firewall management and intrusion detection/prevention systems.
• Experience with security tools and technologies.
• Excellent communication and interpersonal skills.

Preferred Technical and Professional Expertise

• Master’s degree in Computer Science Information Security or a related field.
• Review the current enterprise cloud architecture to identify weaknesses and opportunities for improvement using cloud solutions.
• Actively participates in the vulnerability management program including pre-deployment risk and compliance assessments.
• Conduct regular technical risk assessments of systems and infrastructure.
• Oversee and directly participate in the installation configuration and management of cloud security technologies.
• Manages cloud security projects as assigned.
• Actively participate in the maintenance and development of the cloud security roadmap.

Certifications (Preferred):

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)