Sr. Systems Analyst
Location: Rochester, NY
Cloud Authorization Engineer (CAE)
UST Global???? is looking for a Cloud Authorization Engineer (CAE) to support securing initial global regulatory cloud certifications as well as annual renewals for Client cloud offer certifications. The candidate must possess excellent written and verbal communication skills with the ability and collaborate effectively with domain and technical experts in the team.
As a Cloud Authorization Engineer (CAE); you will be responsible to support securing initial global regulatory cloud certifications as well as annual renewals for Client cloud offer certifications by:
- providing technical guidance on the implementation and documentation of the cloud certification requirements;
- ensuring each certification is compliant with relevant regulatory and certification security requirements (e.g. FISMA; FedRAMP; SOC2; ISO 27001; ISO 27017; ISO 27018; PCI DSS; HITRUST; CJIS; C5; SOC; etc.);
- partnering with the business unit to remove impediments beyond/outside of the business unit that jeopardize securing or retaining a cloud certification.
The CAE will have broad technical background and experience necessary to support multiple cloud product certifications which may span offices; time zones and hemispheres.
The CAE will have experience with architecture; design and operations of cloud solutions and the how to meet security compliance requirements. Must have the ability to propose technical solutions to complex security compliance issues.
The CAA should have a clear understanding and experience implementing at least one major cloud certification (FedRAMP; SOC2; ISO 27001; or HITRUST);and understand the cloud authorization processes. NIST and/or FISMA experience is also preferred along with basic competencies in the areas:
?????? Working with multiple stakeholders (internal and external) across product lines to assess and identify security compliance gaps and propose technical remediation solutions and options necessary to secure a certification
?????? Assisting with technical questions regarding control implementation as well as post authorization activities such as significant change; annual authorization renewals; etc.
?????? Reviewing current system security measures and recommending and implementing enhancements
?????? Translating complex concepts and solutions into documents required for the certification (i.e. System Security Plan)
?????? Working knowledge or experience conducting system security and vulnerability analyses and risk assessments
?????? Updating security knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
?????? Collaborating effectively across multiple organizations with diverse personalities and expertise to drive to agreement on complex issues
**Must be a US Citizen**
May need to travel 10-25% - When returning to normal business travel; but not anticipated until end of Oct 2020.
1.\t2+ years specialized experience in reviewing security documentation for requirements; compliance; compliance documentation; testing results; standard operating procedures; system security plans; etc.
2.\t2+ years of certification experience with (ISO27001; FedRAMP; PCI DSS; SOC2; HITRUST; or CJIS)
3.\tUnderstanding of cloud security and overall cloud computing architecture
4.\tExperience with communication between leadership; operational teams; development teams and certification teams
5.\tUnderstanding of development of presentation materials and overall presentation skills around technology and compliance
6.\t Experience applying process improvement techniques
7.\tExcellent written and verbal communication skills
8.\tSolid understanding of security protocols; cryptography; authentication; authorization and security
Nice to have Requirements.
1.\tApplicable industry security certifications (e.g. CAP; CISA; Associate of CISSP; GIAC; etc.) a plus
2.\tSecure Software Development Lifecycle experience a plus
3.\tExperience writing scripts and tools
4.\tProvide years of experience in MySQL; Python; Linux and Software consulting