Security Operations Expert - Cloud @ Novartis Healthcare

Job Description

Position Purpose: Manage operations for systems, tools and applications, ensuring their stability and integrity, while meeting customer service levels Major Accountabilities: Ensure security components are managed and compliance is maintained throughout their lifecycle i.e. protection profiles, security groups, implementation of all resources following security guideline Audit, review and monitor Security: encryption, VPC Flow logs, security groups, routing tables, ACL, Elastic IPs Review and endorse Public Cloud security exceptions Assess that operational security is developed through the operating model design and ensure controls are developed to ensure compliance to security controls Responsible for the implementation of the CIS baselines relevant to Public Cloud Vulnerabilities assessment and remediation plan Make sure user/API activities are logged Responsible for the creation of the security dashboard and reports Security Incident Management: incident response and SPOC for SOC Drive security awareness and security training within the operations team Coordination of Penetration Testing activities including managing Amazon Requests Perform risk assessments of new Public Cloud capabilities that we want to operationalize and support creation of guides for application managers who want to use the service Register, track and update Public Cloud risks, gaps and remediation's in the IT360 tool. Align and communicate to the Novartis IT Security organization Review CSP Compliance certificates and Audit reports Perform GxP assessment of AWS and Azure cloud Platform on Yearly basis Responsible for monitoring governance, compliance and security : evaluate resources and management of resources, configuration, tagging, change and security Responsible for AWS Config Rules: Define monitoring, change, governance and compliance rules to implement with input from IAM Manager and Security Manager Responsible for the creation of the audit reports and audit automation Responsible for reviewing and driving resolution of findings in the Trusted Advisor report Register, track and update Public Cloud risks, gaps and remediation's in the IRM tool. Align and communicate to the Novartis IT Security organization Make sure the alerts are checked within Azure security center Remediate vulnerabilities related to infrastructure/services in Azure Cloud Define Azure policies and work with Engineering team to implement and Review Make sure services are implemented as per Design specifications Firewall change form approvals for Azure and AWS cloud changes Review/ Approval of IAM polices

Minimum requirements

o Bachelor s degree in Information Technology, Computer Science, or Engineering o Security Certifications, CCSK/CCSP, CEH, ISO27001 LA , PCI - DSS, CISA/CISM o ITIL certification (min ITIL foundation) Good written, presentation and verbal communication skills Languages: Fluent in English (written & spoken), additional languages a plus More than 10 years of overall experience with 6+ years in Cloud Security Operations in global Cloud environments; delivering infrastructure and Platform services across geographic and business boundaries AWS/Azure Cloud Architecture experience responsible for influencing the design of complex public cloud Infrastructure solutions in view of the security design Effective relationship management experience Experience in co - ordination, directing and managing service providers Experience in Cloud audit, review and monitor Security: encryption, VPC Flow logs, security groups, routing tables, ACL's, Elastic IPs