*Visa sponsorship is not available for this position*
Are you ready to explore a world of possibilities?
Join our DTCC family, and you'll grow your expertise and become the best version of you. As you embark on a new journey, you'll tackle challenges with flexibility and grace, learning new skills and advancing your career while having the time of your life
The Cybersecurity Services domain protects DTCC from cybersecurity risks through world class security architecture, engineering and governance practices. Cloud Security refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of DTCC's public and private cloud computing remit.
Why you'll love this job
This position reports into the Cybersecurity Services Governance team lead and is pivotal in governance activities over the cloud environment and is responsible for automation/orchestration of administrative tasks, and enforcement of governance policies in our multi-cloud environments. The work will focus on assisting the governance CCoE to build a strong security governance framework including supporting and enhancing alignment to existing process best practices & standards; driving security-first approach to reduce risk for the company, improve accountability, security, scalability, and increase business agility. Candidate must have experience in information security and have supported or worked with cloud-based systems and applications.
What You'll Do
Will be an active member of an Agile squad focused on building a mature public and private cloud security capability within IT
Actively monitor security violations and vulnerability reports for cloud applications, perform root-cause and trend analysis, and provide recommendations for security control enhancements
Implement CCoE governance objectives in a consistent, repeatable, and automated way across multiple cloud environments with an emphasis on AWS and Azure
Identify security opportunities and assist in defining the strategies for Identity and Access Management, Key Management, Vulnerability Management, and Data Encryption for cloud solutions
Contribute to build effective security monitoring, logging, and auditing for DTCC cloud environments\\Drives maturity of cloud security services by identifying meaningful outcome-based metrics to highlight cloud related risks
Work closely with other groups to elevate our posture to cloud services thru improved security and standard methodologies
Provide cloud governance guidance to business owners, applications development and testing teams, and procurement, and other support groups
Maintains professional and technical process knowledge by keeping abreast of the latest industry-standard methodologies
Aligns risk and control processes into day to day responsibilities to monitor and mitigate risk; raises appropriately
*Note: Responsibilities of this role are not limited to the details above*
Your talents needed for success
Experience in Information Security GRC (governance, risk and compliance), especially in domains such as Vulnerability Management/Threat Management, Identity & Access Management, Risk Management, Certificate Management, Application Security Management, Security Information & Event Management (SIEM)
Working knowledge of the AWS Application Hosting services (EC2, containers, serverless, storage, etc.)
Must have strong knowledge on Cloud Security/Infrastructure and should experience to govern policies and procedures with regards to cloud governance
Hands on expertise with auditing of cloud environment and ability to assist in defining and updating Information Security Policies/Standard as per industry best practices and regulatory requirements.
Ability to collaborate and drive discussions with senior personnel regarding trade-offs, best practices, project management and risk mitigation.
Has deep understanding of risk management principles and standards (ISO 27001/ISMS, PCI, COBIT, NIST) to recommend methods to mitigate risks with standard control mechanism.
Expertise on performing periodic control gap assessment or internal/vendor security assessment on systems & technologies
Experience with cloud security monitoring tools such as Dome9 and ability to define and present security risk metrics/data, desired
Information Security Certifications (CISSP, CISA, CISM, ISO 27001, COBIT, CRISC, AWS Certified Cloud Practitioner, CCSP ) is a plus
Good to have hands on experience with any of the GRC tools like MetricStream, Archer, ServiceNow, JIRA
Minimum of 6 years of related experience
Bachelor's degree preferred or equivalent experience
DTCC safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide. From where we stand, we can anticipate the industry's needs and we're working to continually improve the world's most resilient, secure and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost and bring stability and certainty to the post-trade lifecycle.
Our work environment favors openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.
About the Team
The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.