Previous Job
Security Architect/ RTC, NC 12 mth contract (386214)
Ref No.: 18-00499
Location: RTP, North Carolina
Position Type:Contract
US Citizens  & GC ONLY
Comments to Buyer/Supplier :     *Limit resumes to two pages *Resume should clearly distinguish candidate's primary job responsibilities and hands-on experience from supporting team roles and peripheral experience. *
Technical Certification Preferred Skills required:
• Broad knowledge and understanding of various security domains, including cloud security, IoT, application security or Blockchain and emerging threats, vulnerabilities and attack methods
• Analytical skills to correlate operational risk data and identify critical risk/ issue patterns • Ability to clearly articulate security risks and exposures to BISOs, BU security teams and asset owners and coordinate mitigation activities
• Strong knowledge of cybersecurity industry standards, laws and regulations such as ISO 27001, NIST, COBIT, etc. • Ability to collaborate with numerous and diverse stakeholders in cross-geo locations working in different time zones Preferred skills:
• Experience working with Big data and analysis tools • Professional certification such as CISSP, CISA
• Broad domain knowledge on agile development methodologies Required qualifications:
• Minimum 10 years of experience in cybersecurity field and at least 3 years of experience in Cloud or IoT architecture or application security or Blockchain
• Experience conducting risk assessment for complex cloud environments, DevOps environments, or IoT devices.
• Experience implementing risk management frameworks or conducting risk assessments, security audits, ISO 27001 certification.
• Good program and project management skills and technology expertise
• Strong analytical & communication skills required Responsibilities • Serve as cybersecurity risk advisor for agile security risk management framework
• Liaison with Business Unit teams to identify, document, assess and mitigate cybersecurity risks
• Educate business unit teams on identifying cybersecurity risks in day-to-day operations
• Familiarize with organization's agile security risk management framework and use the framework to manage operational security risks
• Should have capability to develop an understanding of organization's business operations and related security requirements, challenges and concerns.
• Analyze operational risk data and provide meaningful insight for the management
• Be knowledgeable about current security threats, events and breaches in the industry Cybersecurity Operational Risk Analyst
This role is for Cyber Risk Team in IBM CISO organization which is globally responsible for managing cybersecurity risks, establishing risk management roles and responsibilities and implementing organization-wide risk management strategy. Candidate will be responsible for enhancing the effectiveness of operational security risk management across the organization. The candidate will deploy and manage IBM's agile security risk management framework to Business Unit Information Security Officer (BISO), senior executives, security teams, developers, architects and other asset owners in the Business Units and ensure the framework is used to consistently identify and assess cybersecurity risks they encounter in day-to-day operation. The candidate will develop and implement education programs to increase the risk awareness amongst asset owners and Business unit teams. Candidate will monitor operational security risks for suspicious patterns and work with the respective BISOs to investigate and mitigate the risk. The candidate will develop and implement security metrics to maintain operational risks at an acceptable tolerance level.
Preferred years of experience in competence:: GRC – Governance, Risk & Compliance process areas or experience working with GRC tools: 1+ year.
NIST, ISO 27001, COBIT Risk assessment framework: 3+ years.
Cloud security architecture and solutions, Virtualization software and hypervisor security –or- Application SDLC, security testing, web application security assessment, DevOps security, Akamai, Contrast, AppScan –or- IoT security architecture: 5+ years.
Experience working with large data sets, data analytics & reporting as part of SIEM or threat intelligence or vulnerability management: 1+ year Preferred skills:: Infrastructure security solutions like NAC, WAF, IPS/IDS, Firewall configuration, DLP- End point and Gateway, AV, FIM, IDAM, Privileged User Management, SIEM Log collection and correlation tools: 5+ years.
Security threat intelligence & analytical solutions: 1+ year