Cloud Security Governance & Devsecops Consultant

Description

As a dynamic multinational tech company operating in 50 countries, we drive innovation, create projects that shape the future, and greatly enhance quality of life. Our solutions are in the space industry, support scientists in developing cancer drugs, and implement innovative technological solutions for industrial clients worldwide.

Currently, for the new Seargin project, we are looking for a Cloud Security Governance & DevSecOps Consultant.

Role: Cloud Security Governance & DevSecOps Consultant

FTE: Full-time

Contract: B2B (Autonomo)

Sector: Construction

Location: Remote from Spain, occasional visits to Madrid office

Languages: Excellent English

Recruitment Process: 1 stage

Start: ASAP

Project Duration: 6 months

As we migrate our IT systems from on-premise datacenters to AWS cloud, with extensive use of SaaS, PaaS, and DevOps for IaC, it is essential to establish a governance structure to ensure efficient, secure, and effective utilization of cloud resources.

New technologies and workflows introduced during migration require review and redesign of security and IT controls to protect confidentiality, integrity, and availability. The Cloud Governance aims to review and update IT controls across all cloud environments, define clear roles and responsibilities, and streamline global management and security controls.

Job Profile:

The Cloud Security Governance Consultant will work under the direction of Global IT Security to review, improve, and consolidate documentation related to cloud security, collaborating with IT teams. Key responsibilities include:

• Understanding our IT and cloud environments through documentation review and stakeholder interviews.
• Enhancing the Cloud Control Framework with key controls for all cloud environments.
• Updating and socializing the Cloud Governance Standard with stakeholders.
• Proposing detailed procedures for implementing controls.
• Developing processes for assessing and reporting compliance.
• Supporting other cloud initiatives, like account lifecycle management.
• Providing insights on AWS and GCP features and resource utilization.

Stakeholders and Relationships:

• IT Security & Compliance teams: daily activities and escalations
• Global I&O teams: control description collaboration
• Managed Service Provider: control implementation follow-up

Qualifications:

• Bachelor’s in IT or related field
• 5+ years in IT Security
• Broad knowledge of cloud security, especially AWS and GCP
• Experience in security policies, projects, assessments, and audits
• Certifications like AWS Security - Specialty, Solutions Architect, CISSP are desirable

Technical Skills:

• Analysis, documentation, and communication skills
• Knowledge of security standards (NIST, ISO 27000, etc.)
• Experience with CSPM tools and SIEM basics

Personal Attributes:

• Proactive, collaborative, effective team player
• Ability to work in multicultural, multi-located teams
• Effective communicator with stakeholders
• Ability to work under pressure and handle ambiguity

Linguistic Skills: Fluency in English, verbal and written.