Cloud Application Security Engineer
For Those Who Work At Home, OH
Full Time Senior-level / Expert USD 92K - 148K
Location:
For Those Who Work At Home - Various, Ohio 44145
Serves as the senior process owner for Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM), cloud security configuration baselines, Policy as Code development and policy enforcement for the CIS Application Security team. All associated efforts are to promote and advance information security processes and culture, and must reflect compliance with best practices, applicable federal and industry regulations, as well as company information security policies and standards.
Job Description
Required Qualifications:
- Bachelor's degree preferred; equivalent experience of 8 or more years of combined experience within information technology or information security is acceptable
- Qualified candidates will have 8+ years of broadly based, progressive experience in information systems or information security environments
- Ability to lead an enterprise-wide information security program and processes related to cloud security and policy as code enforcement
- Ability to build and sustain collaborative relationships with multiple constituencies
- Ability to translate information security terminology into terms understandable to diverse groups
- Excellent written and oral communication skills
- Excellent analytical and problem-solving skills
- Excellent facilitation and negotiation skills
- Ability to work independently
- Ability to multi-task and manage competing priorities
- Detail-oriented
- Commitment to teamwork
- Ability to drive Continuous Improvement efforts
Preferred Skills
- Background in cloud development, cloud configurations, and/or cloud security
- Able to guide application and infrastructure teams on cloud security remediation in GCP and Azure
- Able to manage development projects with work intake, sprints, and planned releases
- Background in information security and/or organizational communication within the financial services industry
- Understanding of federal and industry regulations associated with information security, such as Sarbanes-Oxley, HIPAA, GLBA, etc.
- Understanding of cloud security frameworks and standards, such as NIST, CSA, CIS, etc.
- Knowledge of systems architecture such as network and distributed systems, and/or mainframe systems
- Knowledge of security services such as firewalls, IDS, vulnerability assessment, and authentication
- Previous management experience is desirable
- Professional certification (CISSP, CISM, CCSP, GCSA, or Google Professional Cloud Security Engineer) is desirable
Essential Job Function:
- Coordinates the development, implementation, and administration of high-level cloud security policies and standards
- Coordinates the implementation and enforcement of Policy as Code for secure cloud configuration
- Coordinates and oversees the work of junior team members in Policy as Code development and other operational tasks to maintain the CSPM and SSPM program within the CIS Application Security team
- Coordinates remediation prioritization and triage efforts for the CSPM and SSPM program
- Coordinates the development, implementation, and promotion of effective information security awareness within the organization with the goal of making all employees, contractors, alliances, and other third parties security aware
- Monitors compliance with the organization's information security policies and standards among employees, contractors, alliances, and other third parties, facilitating remediation by referring problems to appropriate department managers for resolution
- Promotes the availability, integrity, and confidentiality of company data, regardless of medium
- Provides direction, guidance, and opinions regarding information security awareness, communication, policies, and standards
- Assists with the development of information security training to all employees, contractors, alliances, and other third parties, as required. Ensures sponsored training conforms to existing policies and standards
- Directs the timely dissemination of information security information
- Serves as an internal information security consultant and liaison to all areas of the organization as a daily activity
- Communicates the practical implications of information security decisions, issues and plans to the organization
- Works with management and the CISO to coordinate policy approval by the Information Security, Continuity, and Privacy Council
- Coordinates and promotes the utilization of the Corporate Information Security intranet web site as an information delivery and awareness tool
- Monitors advancements in information security methodologies and technologies
- Monitors changes in legislation standards that may affect information security
- Participates in enterprise-wide information security architecture discussions, as required
- Participates in and partners with professional information security associations, such as Infragard and ISSA
- Selects and/or works with external vendors, outside consultants, and other third parties to improve information security, as required
- Attends conferences and training as required to maintain proficiency
COMPENSATION AND BENEFITS
This position is eligible to earn a base salary in the range of $92,000 to $148,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.
Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.
Job Posting Expiration Date: 06/05/2024
KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.
Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.