Purpose of Job
Reporting to the Associate Director, Security & Business Continuity, the Principal, Cloud Security will join the Infrastructure and Operations Team and is responsible for defining, reporting and enhancing the security around all Cloud services.
This is a senior ‘doing’ role and, due to the broad scope and multiple interdependencies of this initiative, the successful candidate will need to:
• Be responsible for working closely with the Associate Director, Cloud & DevSecOps and Principal, DevOps to create a Cloud DevSecOps Practice which is capable of delivering and operating all Cloud services securely.
• Work closely with the relevant teams to assist in defining a Cloud Security Strategy and Roadmap which is aligned with the IT strategic plan.
• Assist in defining EBRD Cloud Security standards and govern against them.
• Be accountable for designing a Secure by Design mindset.
Accountabilities & Responsibilities
Creation of Cloud Security implementation standards using product specific technologies
Driving security change through the development or review of security design standards and ensuring compliance against these standards.
Validate the implementation of cloud standards and procedures in collaboration with operations, architecture and development functions/teams.
Promoting DevSecOps methodology within the DevOps working environment
Driving the reduction of open Security defects and vulnerabilities through raising awareness within the DevOps teams and the regular reporting of current security status.
Provide direction to the business on Cloud best practice, processes and procedures as well as automation enabling continual service improvement and self service delivery capabilities.
Drive and support key technology decisions in relation to Cloud platforms in support of the existing and new product roadmaps that are aligned to the Tech 2025 strategy.
Working closely with other stakeholders including the Technical Operations and Applications and Integration teams to establish a Cloud DevSecOps practice.
Define and publish all Cloud and DevSecOps standards and govern delivery against these standards.
Work closely with the AD Cloud Operations, AD IT Security, AD Technical Ops, and Principal, DevOps to establish a Cloud DevSecOps practice, and manage the transition from the current model to this new model.
Be the project SME on security technical designs and specifications.
Participate in investigations to troubleshoot and resolve complex technical problems using a variety of techniques.
Participate in work to write scripted procedures to support secure operational delivery automation and secure continuous improvement.
Qualifications & Skills / Experience & Knowledge
• Educated to at least degree level in a relevant discipline
• Highly effective team player being flexible and open in thought and action
• Highly effective communicator and able to do so with transparency and honesty, engaging both stakeholders and your direct and matrix team members.
• Overarching knowledge of Cloud Security & DevSecOps best practice, such as CSA, OWASP, ISO27017
• Detailed understanding of Cloud Security & DevSecOps compliance tools and best practice for the implementation and utilisation of these tools
• Able to demonstrate significant DevSecOps experience in similar sized organisations
• Extensive experience of automated security application controls
• Extensive experience of Azure Cloud, M365 and all supporting technologies
• Proven experience in establishing and leading a Cloud Security Operations Function
• Good understanding of all aspects of the Agile SDLC and the implications on services within an ITIL framework.
• 10 years plus experience working on cloud platforms (Azure/AWS/GCP) with solid troubleshooting skills
• Fluency in oral and written English is essential
• Good organisational and multi-tasking skills
• Ability to operate sensitively and effectively in a multicultural environment