Senior Cloud Security Associate
Location: San Diego, California US
Requisition Number: 208008
Position Title: Governance Risk Management Specialist (IV)
Senior Cloud Security Associate
Teradata is seeking a technical subject matter expert to work with a team charged with defining and managing cybersecurity for cloud. The Senior Cloud Security Associate will work with the Information Systems Security Manager to establish and document standard security procedures in accordance with the Risk Management Framework requirements. The Senior Cloud Security Associate will be responsible for implementing, maintaining and supporting FedRAMP, PCI, ISO and SOC 2 certifications and will coordinate across the organization to ensure a proper security posture is maintained. The Senior Cloud Security Associate will conduct periodic reviews to ensure continued compliance with established policies and procedures. The Senior Cloud Security Associate will report to the Senior Manager, Security Governance & Risk Management.
Given the nature of work on initiatives for our federal contracts, US Citizenship is required. Position can be based in our San Diego Headquarters or Remote.
- Ensure compliance to guidance, standards and regulations such as the Payment Card Industry Data Security Standards (PCI-DSS), ISO 27001/27002, NIST Special Publications, FIPS, FedRAMP, and other Federal regulations and policies.
- Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans, Contingency Plans, Plan of Actions & Milestone, and other relevant security documentation for existing and new systems.
- Using the NIST Risk Management Framework, conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gaps.
- Maintain all cloud compliance cybersecurity-related documentation.
- Ensures that procedures are reviewed and updated whenever compliance (PCI, NIST/FedRAMP, ISO) control requirements are revised, or when a significant change occurs to the information system
- Collect evidence, artifacts, and document findings to support conclusions. Develop and maintain security artifacts required for compliance efforts.
- Review and write security related policies and procedures to comply with applicable standards and regulations
- Prepare compliance test plans and coordinate the testing and result procedures
- Identify, assess, and prioritize identified risks.
- Assess security solutions and provide recommendations for any improvements to current security posture.
- Assist in remediation efforts and report on the status of control deficiencies.
- Assist with formal policy exception requests.
- Collect and maintain data needed to meet system cybersecurity reporting.
- Report on compliance with internal policies, controls, and standards and provide recommendations for remediation of identified deficiencies.
- Provide timely status updates/reporting on assessments and assigned project.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Recognize possible security violations and assist with actions to report the incident, as required.
- Experience demonstrating strong analytical, troubleshooting and problem-solving skills for security information and event management
- Bachelor’s Degree in Computer Science, IT, Information/Cyber Security field from an accredited college or university.
- 5+ years’ experience in a cyber security role
- Experience supporting major Federal information systems/applications
- Experience with relevant security and risk management frameworks (NIST Risk Management Framework, NIST Cyber Security Framework, CIS Critical Security Controls, etc.)
- Strong understanding of public cloud infrastructure architecture and security controls
- Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures
- Experience performing security control assessments of assigned systems
- Demonstrated proficiency in the following areas: multi-tasking, critical thinking; and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment.
- NIST SP 800-37 Risk Management Framework security assessment and authorization (A&A) processes.
- Experience working with ATO packages.
- Experience with supporting cloud systems
- Security controls (i.e. NIST SP 800-53, FISCAM, etc.) assessments in support of FISMA, A-123 and annual self-assessment initiatives.
- Experience with documenting NIST 800-53 security control compliance findings within Requirements such as: Traceability Matrixes and Security Assessment Reports
- Enterprise Logging System to conduct regular reviews of audit logs (operating system, application, database, etc.) for security anomalies and compliance with applicable policies and procedures
- Reviewing operating system, application, and database security baseline configuration documentation to ensure compliance with agency hardening guidelines
- Reviewing proposed change requests related to system design / configuration and performing a security impact analysis to provide approval or denial recommendations
- Experience developing security boundary and security architecture
- Experience reviewing and interpreting Vulnerability and Compliance scans
- Previous Federal Government experience a large plus.
- Certified Cloud Security Professional (CCSP) certification
- Certified Information Systems Security Professional (CISSP)
CountryEEOText_Description: Teradata invites all identities and backgrounds in the workplace. We work with deliberation and intent to ensure we are cultivating collaboration and inclusivity across our global organization. We are proud to be an equal opportunity and affirmative action employer. We do not discriminate based upon race, color, ancestry, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related conditions), national origin, sexual orientation, age, citizenship, marital status, disability, medical condition, genetic information, gender identity or expression, military and veteran status, or any other legally protected status.
City: San Diego
Community / Marketing Title: Senior Cloud Security Associate
Job Category: Security
Considering COVID-19, we are still hiring but conducting virtual interviews to keep our candidates and employees safe. Many roles will be temporarily remote or work from home to comply with current safety regulations. These roles will be required to be in the office once it is safe or restrictions are lifted. Read more on our response here: Teradata Response to COVID-19
With all the investments made in analytics, it’s time to stop buying into partial solutions that overpromise and underdeliver. It’s time to invest in answers. Only Teradata leverages all of the data, all of the time, so that customers can analyze anything, deploy anywhere, and deliver analytics that matter most to them. And we do it at scale, on-premises, in the Cloud, or anywhere in between.
We call this Pervasive Data Intelligence. It’s the answer to the complexity, cost, and inadequacy of today’s analytics. And it's the way Teradata transforms how businesses work and people live through the power of data throughout the world. Join us and help create the era of Pervasive Data Intelligence.
Location_formattedLocationLong: San Diego, California US