Cloud Security Manager

Becton Dickinson and   •  

Franklin Lakes, NJ

8 - 10 years

Posted 257 days ago

This job is no longer available.

Job ID R-27893 

Job Description Summary

BD has adopted a “services” first approach in engaging technical solutions to address business challenges. Primarily, those services are offered by cloud service providers. The key concern with provisioning cloud services is data protection while data is at rest or in transit. Cloud service providers are susceptible to the samethreats that corporations face daily. GIS understands this challenge and will take a proactive stance in creating a discipline to develop a strategic, operational and industry-recommended best practices approach. This role will focus on defining cloudarchitecture, cloud datasecurityand control standards, service models, deployment models and overall cloud service management. This role would also play a pivotal role in establishing a Center of Excellence for any business or function with a requirement for consuming cloud services.

Job Description

Reporting to the Director, Architecture & Engineering and collaborating with other team members, this individual will be responsible for coordinating the definition of cloud security strategy, architecture, implementation and operations. This challenging position requires in-depth knowledge of cloud securityarchitecture, design and standards, cross-functional knowledge of business processes, information securityrisks, internal controls and understanding of technology.  He/she brings unique knowledge and experience related to cloud security best practices and evidence of successful implementations. 

  • Support the delivery of BD’s security offerings related to cloud security, including security governance (security policies and procedures), security strategy (security planning), risk (risk assessments and management), cloud data protection (classification, encryption, tokenization), cloud-based identity and access management, technology/provider-specific cloud architecture and monitoring/analytics for and in the cloud
  • Define security controls relevant to compliance with legal, best-practice, and regulatory requirements for cloud environments
  • Lead the growth, development and support of junior cloud security staff in a team-oriented environment
  • Understand business engagements, requirements and enablement opportunities as it relates to specific use cases
  • Collaborate with GIS architecture & engineering staff and IT enterprise architecture staff in defining optimal cloud strategy, architecture and operations
  • Ability to translate technical cloud security requirements into business terms for leadership and stakeholders
  • Conduct cloud security strategy, readiness and discovery assessments; be familiar with cloud security frameworks, compliance requirements and security operations
  • Deliver services that meet BD security and project quality specifications
  • Ability to take initiative to communicate, interact, and collaborate with others to ensure that all aspects of a task are addressed

Minimum Qualifications:

  • Minimum of 2 years of server, application and networksecurity hardening experience (e.g., design, recommend and implement security hardening technical controls)
  • Minimum of 5 years managing projects using a standardized set of project management principles and solutions
  • Minimum of 5 years of technical writing and report generation
  • Minimum of 7 years of managing teams and third-party resources
  • Minimum 7 Years Enterprise ITsecurityrisk assessments and related frameworks (e.g., ISO 27000 series, NIST 800 Series, COBIT, IT General Controls, etc.)
  • Minimum 2 Years Conceptual knowledge of the following regulations: PCI, Sarbanes-Oxley, HIPAA, GLBA, FISMA
  • Bachelor's Degree

Preferred Qualifications:

  • Experience working SecaaS, Cloud Security or Third Party / Cloud Security Assessments
  • Industry recognized certification in security (e.g., CISSP, CCSK,CISA, CISM, CEH, etc.)
  • Experience in ITSecurity Testing (e.g., penetration testing, web application security assessments, vulnerability assessments and technical security assessments
  • Experience in Identity and Access Management
  • Experience in Network and Infrastructure Security (virtualized environments)
  • Experience with Cloud Security vendors in the IAM, Data Protection, Monitoring, SaaS, IaaS, PaaS provider specific space
  • Experience with Linux, Mac and Windows operating systems
  • Experience with security system life cycle management solutions for applications, network and infrastructure