Cloud Security Expert

28 Apr 2020, Dipanjan Mitra

Novartis

Job Purpose

Manage operations for systems, tools and applications, ensuring their stability and integrity, while meeting customer service levels.

Major accountability for the Public Cloud Adoption Service delivery

  • Ensure security components are managed and compliance is maintained throughout their lifecycle i.e. protection profiles, security groups, implementation of all resources following security guideline
  • Audit, review and monitor Security: encryption, VPC Flow logs, security groups, routing tables, ACLs, Elastic IPs
  • Review and endorse Public Cloud security exceptions
  • Assess that operational security is developed through the operating model design and ensure controls are developed to maintain compliance with security controls
  • Responsible for the implementation of the CIS baselines relevant to Public Cloud Vulnerabilities assessment and remediation plan
  • Make sure user/API activities are logged
  • Responsible for the creation of the security dashboard and reports
  • Security Incident Management: incident response and SPOC for SOC
  • Drive security awareness and security training within the operations team
  • Coordination of Penetration Testing activities including managing Amazon Requests
  • Perform risk assessments of new Public Cloud capabilities that we want to operationalize and support the creation of guides for application managers who want to use the service
  • Register, track and update Public Cloud risks, gaps and remediations in the IT360 tool
  • Align and communicate to the Novartis IT Security organization
  • Review CSP Compliance certificates and Audit reports
  • Perform GxP assessment of AWS and Azure cloud platforms on a yearly basis
  • Responsible for monitoring governance, compliance and security: evaluate resources and management of resources, configuration, tagging, change and security
  • Responsible for AWS Config Rules: Define monitoring, change, governance and compliance rules to implement with input from IAM Manager and Security Manager
  • Responsible for the creation of the audit reports and audit automation
  • Responsible for reviewing and driving resolution of findings in the Trusted Advisor report
  • Register, track and update Public Cloud risks, gaps and remediations in the IRM tool
  • Make sure the alerts are checked within Azure security center
  • Remediate vulnerabilities related to infrastructure/services in Azure Cloud
  • Define Azure policies and work with the Engineering team to implement and review
  • Review the configuration of Azure services
  • Make sure services are implemented as per Design specifications
  • Firewall change form approvals for Azure and AWS cloud changes
  • Review/Approval of IAM policies

Accountabilities

In addition to accountabilities listed above in Job Purpose:

  • Support external technical resources in providing the right expertise to deliver and shape the service
  • Ensure Public Cloud Service is operated in line with Service Operations manager
  • Build knowledge and expertise in the specific areas covered by the Cloud Service
  • Ensures necessary technical training, awareness and experience levels are maintained within the function
  • Report to Service Operation Manager on service issues and/or opportunities to optimize the public cloud services

Job Dimensions (Job Scope)

Budget: No direct budget responsibility
Headcount: Manage up to 10 externals or internals
Geographical Scope: Global
Business Impact: Critical
Business Scope: All Divisions

Other Dimension Considerations

  • Complexity: Moderate complexity (includes GxP);
  • Influence/Impact: moderate influence/impact (modest size user base with limited geographic spread); 5,000+ users impacted/works with key business/IT stakeholders; will oversee vendor resources;
  • Knowledge & Skills: 10+ years of experience in relevant technology. Ability to work fully independently. Ability to lead without authority and a good understanding of business processes.

Education/Experience

Education

Essential:

  • Bachelor’s degree in Information Technology, Computer Science, or Engineering.
  • ITIL Framework & certification (minimum ITIL foundation)
  • Security Certifications, CCSK/CCSP, CEH, ISO27001 LA, PCI-DSS, CISA/CISM

Experience

  • More than 10 years of overall experience with minimum 5 years in Cloud Security Operations in global Cloud environments; delivering infrastructure and Platform services across geographic and business boundaries
  • AWS/Azure Cloud Architecture experience – responsible for influencing the design of complex public cloud Infrastructure solutions in view of the security design
  • Effective relationship management experience
  • Experience in coordination, directing and managing service providers
  • Experience in Cloud audit, review and monitor Security: encryption, VPC Flow logs, security groups, routing tables, ACLs, Elastic IPs

Product/Market/Customer Knowledge

  • AWS/Azure Cloud Architect
  • Security Certifications, CCSK/CCSP, CEH, ISO27001 LA, PCI-DSS, CISA/CISM

Skills/Job-related Knowledge

  • Strong relationship management skills
  • Familiar with qualified / compliant infrastructures
  • Good understanding of the overall technical environment of Novartis preferred
  • Proven track record working with multinational teams
  • Good presentation and communication skills (written & spoken)

Other

  • Good written, presentation and verbal communication skills
  • Languages: Fluent in English (written & spoken), additional languages a plus

To apply for this job email your details to kapil-1.sharma@novartis.com

Disclaimer: The views expressed by the author in this article/blog/note are personal and have nothing to do with their organisation, or ITNext (a part of 9.9 group pvt ltd)