Bootstrap BitMEX's Security Assurance practice and architect Security Policy and Risk Management frameworks with compliance-as-code as a foundational pillar
Operationalise the security common controls framework and deliver security metrics
Translate regulatory and compliance requirements into code and actionable technical controls
Identify, communicate, and mitigate risks, processes, and internal control gaps with potential adverse operational risk implications
Provide security training and outreach to internal tech teams
Facilitate execution of external audits over BitMEX's products and internal controls in accordance with SOC 2 and ISO 27001
Collaborate with stakeholders on successful execution of SOC 2 audits and other security initiatives
Requirements
10+ years of security industry experience with a strong background in software development including at least 3 years of hands-on experience
Demonstrated success in leading technical teams in a cloud-first environment, with deep knowledge of Amazon Web Services and general cloud infrastructure security
Expertise in GRC processes to consistently automate and supervise information security controls, testing, and risks
Knowledge of network security architecture concepts, including topology, protocols, components, and principles
Hands-on experience with Open Policy Agent, InSpec, or CloudFormation Guard
Demonstrated knowledge and expertise in written responses to regulators
Proficient in managing complex global infrastructure as code
Strong blend of technical and business acumen, proven experience influencing decisions on regulatory standards, and excellent communication skills
Demonstrated experience researching, building and implementing defensive security systems that are used against internal and external attack vectors (good to have)
Comfortable operating across a wide variety of platforms and technologies (good to have)
Relevant certifications like CISSP, CISA, AWS CCP, CIPP or CIPT are preferred (good to have)
Prior experience of working in Security and Privacy compliance engineering or similar groups at a tech or fintech firm (good to have)