- Conduct security reviews of third-party products/services to assess their security capabilities and the risks to IBM / customer data, networks and IBM products or offerings
- Identify and analyze areas of improvement and provide appropriate recommendations for risk mitigation
- Work with appropriate business users and experts to ensure that a plan is developed and executed for any identified risk that requires mitigation action, including displacement/replacement of the vendor.
- Monitor and drive mitigation actions.
- Coordinate closely with internal stakeholders (i.e. business units, business unit information security officers, procurement, internal audit, legal, etc.) to facilitate and assess third-party relationships.
- The mitigation action is required for senior management of clearly at-risk areas and business units, CISO and cross-functional teams
- Work as a subject matter expert to help businesses identify and mitigate risks in their supplier relationships.
- Ensure that appropriate security terms are included in supplier contracts
- Minimum of 2 years experience in one of the following:
- Cloud application development, including working with Kubernetes, containers and Docker
- Cloud Infrastructure Management – Management of Kubernetes, containers, cloud databases and applications
- Experience in developing, deploying or maintaining data analytics and AI projects
- Experience in developing, deploying or maintaining IoT applications and infrastructure
Essential technical and professional expertise
Total 8 years experience in IT or information security field, minimum 3 years experience in any of the following:
- Experience in security architecture and solutions
- Experience in application security management
- Experience running vulnerability scans or management
- Experience in Security Operations Center (SOC)
- Experience in managing network security
- Experience in security technologies such as identity and access management, encryption, DLP, and more.
Preferred Technical and Professional Expertise
- Experience in third party security control and status evaluation
- Experience performing risk assessment of problem areas.
- Management Experience – Assessment, Prioritization and Avoidance
- Familiar with SOC 2 Type 2 audit
- ISO 27001 Implementation Knowledge
- NIST 800-53 Implementation Experience
To apply for this job please visit www.applytracking.com.