Cloud IT Security Architect Specialist

at  FIS Global

EDUCATION DESIRED :

Bachelor of Computer Science

ABOUT THE ROLE:

As a Cloud Security Architect, you will play a pivotal role in ensuring the security of our cloud-based systems and applications. This position blends technical expertise, DevSecOps practices, and architectural design principles to create and maintain robust security solutions aligned with modern security models. You will collaborate closely with cross-functional teams to design, implement, and maintain security measures that protect our organisation’s data, infrastructure, and applications in cloud environments.

WHAT YOU WILL BE DOING:

• Overall Cloud Security Enhancement: FIS has a multi-cloud environment, so strengthening security across all platforms, including AWS, Azure, and Google Cloud, is imperative. This entails continual review and enforcement of security configurations, deployment of auto-remediation mechanisms, and proactive troubleshooting of tool-related issues to maintain robust security postures and minimize vulnerabilities.
• Policy Management and Compliance: The creation, review, and enforcement of cloud security policies are critical to ensuring adherence to regulatory requirements and industry best practices. Periodic policy reviews, change management processes, and presentations to the review board facilitate the socialization and alignment of security policies with business objectives, enhancing overall governance and risk management.
• Automation and Cost Optimization: Automating security operations and identifying cost-saving opportunities play pivotal roles in enhancing operational efficiency and maximizing ROI. Automation initiatives streamline tool delivery, operationalization, account onboarding, and diagnostics, enabling the team to focus on strategic objectives and value-added activities.
• Vendor Management and Tool Evaluation: Effective vendor management and ongoing evaluation of cloud security tools are essential to adapt to evolving threats and technological advancements. Cloud tool proof-of-concepts (POCs) and module evaluations, including potential replacements for existing tools and evaluations of new capabilities, ensure that the Cloud Security Department stays abreast of the latest innovations and selects tools that best align with organizational needs and objectives.
• Governance and Security Architecture Reviews: Establishing a robust cloud security governance framework, in collaboration with the CIO Cloud Governance team, enhances accountability, transparency, and consistency in security policies, monitoring, and asset management. Weekly collaboration with CIO Cloud Engineering on architecture reviews and development of container security programs further strengthens security controls. It ensures that new projects adhere to security standards and best practices.
• Architectural Design: Design, implement, and maintain cloud security architecture that meets the organization’s strategic security objectives while enabling business agility and innovation.
• Technical Expertise: Provide expert guidance on cloud security best practices, including identity and access management, encryption, network security, and data protection. Stay abreast of emerging threats and security technologies to enhance security posture continuously.
• DevSecOps Integration: Integrate security into the DevOps pipeline by automating security controls, implementing security testing, and promoting a security culture throughout the development lifecycle.
• Risk Management: Assess security risks associated with cloud environments and develop strategies to mitigate these risks effectively. Conduct security assessments, audits, and penetration testing to identify vulnerabilities and weaknesses.
• Compliance and Governance: Ensure compliance with relevant regulatory requirements, industry standards, and internal security policies. Develop and maintain security documentation, including policies, standards, procedures, and guidelines.
• Incident Response and Monitoring: Design and implement incident response plans and procedures for cloud-based systems. Establish robust monitoring and alerting mechanisms to detect and respond to security incidents in a timely manner.
• Collaboration and Communication: Collaborate with organisational stakeholders, including IT teams, development teams, business units, and external partners, to align security initiatives with business objectives. Communicate complex security concepts effectively to technical and non-technical audiences.