Information Security Senior Specialist - Cloud

Information Security Senior Specialist

The Information Security Senior Specialist will be a key functional member of the Cloud Security Team within the Global Information Security (GIS) and Business Information Security Officer (BISO) organizations. The role is responsible for implementing, managing, and governing security controls across multi‑cloud environments, with a specific emphasis on Azure, AWS, and Google platforms, to ensure the protection of organizational data and systems.

This role requires deep expertise in cloud security, architecture principles, and industry standards. The ideal candidate will work closely with various teams to ensure the security of cloud‑based applications, data, and infrastructure, particularly on platforms like AWS and Azure.

• Integration with CI/CD Pipelines – Developers ensure security policies are embedded in CI/CD workflows to enforce compliance during development and deployment.
• Custom Solutions Development – Write custom modules, scripts, or extensions to adapt security tools to organizational requirements.
• Collaboration with Security Teams – Act as a bridge between security and Dev Ops teams, ensuring security policies align with operational workflows.
• Governance and Regulatory Compliance – Conduct regular security assessments and audits of cloud environments to identify and mitigate risks.
• Conduct risk assessments to identify potential security threats and vulnerabilities in cloud environments.
• Evidence Package Creation – Package evidence of security policies deployment and effectiveness for non‑technical audiences and audit teams.
• Participate in internal and external audits to demonstrate compliance with cloud security requirements.
• Lead the design and implementation of secure cloud architectures and solutions, ensuring alignment with business objectives and security requirements.
• Maintain and update risk registers and ensure continuous monitoring of cloud security risks.
• Act as a liaison between the security team and other departments to promote a security‑first culture.
• Define and implement security controls and policies for cloud environments, ensuring compliance with industry standards (ISO 27001, NIST, GDPR, HIPAA) and bank security policies.
• Continuously improve security controls and processes to enhance the organization's security posture.
• Develop and maintain documentation for security controls, policies, and procedures.
• Policy as Code (PaC) Implementation – Define, customize, and automate policies using tools such as Hashi Corp Sentinel, Open Policy Agent (OPA), and Terraform.

• Minimum of 5 years of professional experience designing and implementing cloud security controls.
• Bachelor’s degree in Information Systems or Computer Science, or equivalent education and work experience.
• In‑depth understanding of cloud security principles, best practices for Azure and/or AWS platforms, and industry frameworks such as OWASP Top 10, NIST, CSA, CIS benchmarks.
• Experience building and implementing Infrastructure as Code and/or Policy as Code governance strategies.
• Experience conducting security assessments, risk analyses, and developing security concepts.
• Hands‑on experience with cloud security tools and technologies such as AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and/or Wiz.
• Extensive knowledge of security tools and technologies such as SIEM, IDS/IPS, DLP, firewalls, PKI, and identity management in cloud environments.
• Experience with cloud and containerized technologies (AKS, EKS, ECS, serverless, Kubernetes, Docker).
• Extensive knowledge of public cloud service providers and threats to workloads within those environments.
• Currently hold active AWS Security Specialty or Azure AZ‑500 certification.

• Master’s degree in Information Systems or Computer Science, or equivalent education and work experience.
• Relevant industry certifications such as ISC2, SANS GIAC.
• Strong communication and interpersonal skills for cross‑functional collaboration.
• Ability to manage multiple projects and priorities in a fast‑paced environment.

• Customer and Client Focus
• Interpret Relevant Laws, Rules, and Regulations
• Policies, Procedures, and Guidelines
• Problem Solving
• Quality Assurance
• Business Process Analysis
• Data Privacy and Protection
• Innovative Thinking Risk Analytics
• Stakeholder Management
• Business Acumen
• Business Continuity Management
• Data Governance
• External Resource Management
• Information Systems Management

Shift: 1st shift (United States of America)

40 hours per week

Locations:
Denver CO, Washington DC, Chicago IL

Pay Range: $ – $ annualized salary, based on experience, education and skill set.

Discretionary incentive: eligible for the annual discretionary plan based on performance and contributions.

Benefits:
Industry‑leading benefits, paid time off, resources, and support to employees to contribute to sustainable growth.