Manager, Application and Cloud Security

Purpose of the Role:
The Manager, Application and Cloud Security is responsible for advisory and monitoring services that enable the achievement of the Bank’s information security policy for initiatives, as the Bank moves to the cloud. Security objectives include integrity, confidentiality / privacy, availability, continuity and the delivery of secured application code. The incumbent will provide cloud and application security consulting services to business units and assist in the development and support of sound security strategies, ensuring the reliable implementation of consistent and secure control processes to protect the Bank’s information and data resources.
 

Key Accountabilities:

  • Embeds the Bank’s application and cloud security programmes:
  1. Ensures best practices for managing security within the cloud are implemented and monitored.
  2. Ensures respective teams are made aware of and adhere to the application and cloud security standards. 
  3. Designs and implements strategies and tactical plans to aid the Bank in its move to the Cloud in a secure fashion while keeping the information risk at an acceptable level.
  • Collaborates with Manager, Information Security & Technology Risk Management to ensure the quality and timeliness of application and Cloud environment risk assessments.
  • Generates key performance indicators (KPIs) and key risk indicators (KRIs), identifies trends for cloud and application security activities, and drives visibility and transparency of business value for completed work. Collects, collates and analyses data related to Cloud and application security activities completed by the unit.
  • Embeds the Bank’s application security programme:
  1. Ensures that applications and the application programme interface (API) are security tested before implementation.
  2. Ensures respective teams are made aware of the application security standards. 
  3. Ensures the tools and associated processes for the implementation of the application security standard are procured, implemented and kept current.
  4. Maintains standard API libraries.
  5. Ensures all applications and APIs undergo security testing based on risk before live implementation.
  • Implements sound strategic and tactical security plans to enable / ensure the reliable implementation of consistent and secure control processes to protect the Bank’s applications and data deployed in the cloud. Provides direction and guidance to the business units moving applications and data to the cloud.
  • Works with respective Technology teams to ensure all vulnerabilities identified are mitigated or risk accepted in accordance with Operational Risk Management policies.
  • Represents Information Security internally in discussions related to cloud-based initiatives.
  • Keeps abreast of financial industry regulations related to application and cloud security across the region. Completes gap analyses of current policies and standards and provides recommendations to respective business leaders to ensure that the Bank remains in compliance.
  • Identifies and recommends application and cloud security control process improvements to enhance security policy compliance.
  • Provides first-line subject matter expertise to advise business units on cloud and application security information security standards, policies and processes.
  • Participates in the audit and compliance reviews related to application and cloud security and works with the stakeholders to close any audit and compliance deficiencies.


Critical Knowledge & Skills Required:

  • Information security technologies – excellent and current knowledge of technologies and technology-based solutions dealing with information security issues.
  • Good understanding of current and emerging technologies and their security implications, e.g. Cloud, Agile and DevOps.
  • Information security risk management – knowledge of processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organisational data.
  • Decision-making and critical thinking – good knowledge of tools and techniques for effective use of a broad range of factors, assumptions, frameworks and perspectives when solving problems.
  • Direct experience conducting information security risk assessments.
  • Strong understanding of IT security best practices.
  • Demonstrated ability to stay abreast of securing evolving technology such as cloud and mobile computing.
  • Knowledge of NIST, Centre for Internet Security (CIS) and IT controls.
  • Good analytical skills.
  • Influencing skills.
  • Able to understand and analyse technology, and risk management principles.
  • Effective written and verbal communication skills:
  1. able to conduct presentations and facilitate group meetings
  2. effectively communicate with technical and non-technical resources
  3. communicate complex and technical issues to diverse audiences
  4. ability to tailor communication style to audience at hand
  • Good organisational skills and good time management.
  • People management skills.
  • Ability to perform independent analysis of problems and distil relevant findings and root causes.
  • A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
  • Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
  • Ability to compile and analyse data for management reporting and metrics.
  • Understanding of organizational mission, values, and goals and consistent application of this knowledge.
  • Ability to react to high-pressure, dynamically changing environments while maintaining a professional image and approach.


Experience Required:

  • Undergraduate or postgraduate degree in Computer Science, Information Security, or a related field and one or more of the following or related professional certifications:
  1. Certified Cloud Security Professional (CCSP)
  2. Certificate of Cloud Security Knowledge (CCSK)
  3. Certified Application Security Engineer (CASE)
  4. Certified Application Security Specialist (CASS)
  5. Certified in Risk and Information Systems Control (CRISC)
  6. Certified Information Systems Auditor (CISA)
  7. Certified Information Systems Security Professional (CISSP)
  • At least three years’ experience in information security, with at least one year in IT Risk Management
  • At least three years’ experience in another IT function, especially IT Audit
  • At least two years’ experience with regulatory compliance and information security management frameworks, e.g., ISO 27000, COBIT, National Institute of Standards and Technology (NIST) etc.
  • Practical experience with cloud and application security.
  • Knowledge of two or more of the following: Google Cloud Platform, Azure, Amazon Web Services, Cloud Foundry or other cloud technologies would be an asset.
  • Knowledge of application security tools would be an asset.

Or

  • At least five years’ experience in Information Security or IT Audit and one or more of the following or related professional certifications:
  1. Certified Cloud Security Professional (CCSP)
  2. Certificate of Cloud Security Knowledge (CCSK)
  3. Certified Application Security Engineer (CASE)
  4. Certified Application Security Specialist (CASS)
  5. Certified Information Systems Security Professional (CISSP)
  6. Certified Information Security Manager (CISM)
  7. Certified Information Systems Auditor (CISA)
  • Knowledge of or experience with regulatory compliance and information security management frameworks, e.g., ISO 27000, COBIT, NIST etc., is desirable.
  • Practical experience with cloud and application security and the Cloud Controls Matrix.
  • Knowledge of two or more of the following: Google Cloud Platform, Azure, Amazon Web Services, Cloud Foundry or other cloud technologies would be an asset.
  • Knowledge of application security tools would be an asset.

 

Position reports to: Senior Manager, Information Security & Technology Risk Management

Function: Enterprise Security & Fraud Management

 

Expiry Date: 29 Oct 2020

Reference: VAC-4214

Employer: CIBC FirstCaribbean International Bank

Hours:

Employment Type:

Salary and benefits: Salary in accordance with appropriate salary schedule.

Salary: Salary negotiable

Your Career Level: Mid Career

Years Experience: Minimum of Eight (8) years

Your Education Level: Undergraduate Degree in Computer Studies