Vacancy expired!
BE PART OF A BANK LIKE NO OTHER.
When you work with the world's most innovative companies, you know you're making a difference.Our clients are the game changers, leaders and investors who fuel the global innovation economy. They're the businesses behind the next medical breakthroughs. And the visionaries whose new technologies could transform the way people live and work.They come to SVB for our expertise, deep network and 30+ years of experience in the industries we serve, and to partner with diverse teams of passionate, enterprising SVBers, dedicated to an inclusive approach to helping them grow and succeed at every stage of their business.Join us at SVB and be part of bringing our clients' world-changing ideas to life. At SVB, we have the opportunity to grow and collectively make an impact by supporting the innovative clients and communities SVB serves. We pride ourselves in having both a diverse client roster and an equally diverse and inclusive organization. And we work diligently to encourage all with different ways of thinking, different ways of working, and especially those traditionally underrepresented in technology and financial services, to apply.Job Description Silicon Valley Bank serves many of the most innovative companies in the world. Our clients are forward thinkers. True believers. Optimists. Game-changers. Inspired by them, we're changing the face of banking. We need technology experts with the same can-do attitude as our clients. We're looking for creative thinkers who want to create a truly seamless banking experience on a global scale.We have an exciting opportunity in our Governance, Risk & Compliance team.TheCloud SecurityCompliance Managerdefines, specifies, contributes, implements, monitors, reviews, and measures effectiveness of security controls and security operations inSVB's AWScloud environment. EnsuresSVB iscompliantto internal and industry security standards.Thisindividualwill be an integral part of theGlobal Servicesorganization and will help improve the maturity level ofcloud securityrisk practices across the bank, as the organization continues to grow at a rapid pace. Responsibilities:- TestingofAWStechnical and operational security controls that are considered safeguards and/or countermeasures to prevent unauthorized access, modification and disclosure of data, software and infrastructure.
- Auditcloud-based architectures that utilize AWS and 3rd party services to enforce IAAA (Identification, authentication, authorization and accounting), principle of least privilege and need to know, separation of duties, fail-safe and secure, defense-in-depth, encryption, logging and monitoring ofAWS infrastructure and applications.
- Perform ongoing evaluations of operations against prescribed security standards.Align security deliverables with legal, regulatory and contractual requirements that conforms with security framework and standards such asFFIEC(e.g.Handbooks, Cybersecurity Assessment Tool)NIST SP 800-53,PCI-DSS,CISControls.
- Establish processes and procedure for continuous monitoring to allow operational visibility, change control, incident response, alerting and maintenance of secure systems.
- 5+ years of IT audit and/or IT risk management experience at a Big 4 firm, a financial services company or other regulated organization.
- Ability to effectively complete control testing work papers, collect supporting evidence from different stakeholders and share the testing results with control owners to work on defining action plans to remediate the gaps.
- Proactive, strong interpersonal skills.
- Bachelor's degree in information technology field
- AWSProfessional and Associate level certificationsarea plus (e.g.Solutions Architect Professional,Security Specialty).
- Bachelor's Degreeor Equivalent work experience
- 5+Years of Relevant Security and Risk Experience
- AWS CloudExperience.
- Prior Big 4 IT Audit experience a plus.
- One or more professional certifications highly desirable, such as CGEIT, CISA, CISM, CISSP, CRISC.
- Working knowledge of (or willingness to learn) key regulations within risk management and financial services industry, such as FFIEC, GLBA, GDPR, PCI.
- Familiarity in IT risk, Information Security,and compliance activities and general understanding of industry frameworks (as suchFFIEC CAT,FFIEC IT Handbooks,CIS Controls, NIST 800-53,COBIT).
- Information security certifications (e.g.CISSP, CISA, GIAC,CCSP - Certified Cloud Security Professional,etc.) are a plus.