(O-026) | Cloud Security Governance & DevSecOps Consultant

As a dynamic multinational tech company operating in 50 countries, we drive innovation, create projects that shape the future, and greatly enhance quality of life. You will find our solutions in the space industry, supporting scientists in the development of cancer drugs, and implementing innovative technological solutions for industrial clients worldwide. These are just some of the areas in which we operate!

Currently, for the new Seargin project, we are looking for a Cloud Security Governance & DevSecOps Consultant!

Cloud Security Governance & DevSecOps Consultant

6 months

• FTE: full-time
• Contract: B2B (Autonomo)
• Sector: construction
• Location: Remote from Spain, occasional visit to the office in Madrid
• Languages: Excellent English
• Recruitment Process: 1 stage
• Start: ASAP

As we migrate most of our IT systems hosted in on-premise datacenters to a global cloud provider (AWS) and the wide use of SaaS and PaaS and DevOps for Iaac, it is imperative to support a governance structure to ensure we utilize these cloud resources in an efficient, secure and effective manner.

New technologies and ways of working have been introduced with the migration to the cloud, thus the security and IT controls in place to protect the confidentiality, integrity and availability of the information stored in those IT systems must be reviewed and re-designed as necessary. The Cloud Governance aims at reviewing and refreshing the IT controls applicable to all Holcim’s cloud environments, including clear roles and responsibilities for all regions, and streamlining the management of cloud resources globally and needed security controls to ensure all infrastructure is properly protected.

Under the general direction of Global IT Security, and the technical direction of the Global IT Security Officers, the Cloud Security Governance Consultant will be responsible for reviewing, improving and consolidating all the supporting documentation and materials produced as part of the Cloud Security Workgroup (Council) Security Stream during the last years, in collaboration with the different IT teams involved. The main responsibilities for this role are aligned with the key objectives of the Cloud Governance project :

• Understand our IT and cloud environments, including IT systems criticality and relation to the business (documentation review and interviews with key stakeholders).
• Review and Enhance the Cloud Control Framework including key controls to be implemented in all cloud environments, as well as more advanced controls applicable to critical IT systems (first version already defined).
• Review, update and enhance the current Cloud Governance Standard applicable to all cloud instances used in our company and aligned with the Cloud Control Framework, and socialise it with key stakeholders.
• Propose and Document detailed procedures including guidance to implement each control included in the Cloud Control Framework (all controls must be covered, but one procedure can cover several controls).
• Propose and Enhance the current process to periodically assess and report compliance against the Cloud Control Framework for different IT systems, depending on their criticality.
• Support any other cloud initiatives and needs arising during the project, like the cloud