IBM Cloud Security Strategy, Risk and Compliance in Denmark
The Cloud SSRC Senior Managing Consultant in the Europe Security Services Centre of Competence (CoC) is aimed at understanding how to deliver security strategy, risk and compliance services in relation to the Cloud. This requires demonstrating thought leadership, practice leadership, sales leadership and delivery leadership.
The delivery aspect of this role should focus on how to assist IBM clients with the transformation of security in terms of services both delivered to and on cloud environments. These should cover a range of cloud service models deployed across private, public, hybrid and/or multi-cloud (off and on-prem) environments.
There is an expectation that there will be increasing demand to work alongside IBM’s other key business units, in particular: Global Technology Services (GTS), Global Business Services (GBS), IBM Cloud as part of a larger move to cloud proposal or initial solution strategy.
Cloud SSRC Consultants will be required to develop and understand offerings which IBM will be developing and pursuing throughout 2018 and beyond for Business Development.
Marketing and Sales:
Be responsible for driving and assisting signings in Europe working closely with the individual Markets
Work with Europe solutions teams and across local Markets to provide content to drive deals that relate to cloud security transformation in multiple domains from Design, Build and Operate phases
Provide demonstration of IBM credentials in Cloud Security Strategy, Risk and Compliance as well as a good understanding of multiple domains IAM, Security Operations Consulting, Application and Data Security and Infrastructure Endpoint and Mobile Security
Drive security transformation offerings and be a focal point for Markets to help understand existing capabilities, offerings, client references and experiences
Act as a senior thought leader in cloud security transformation and SSRC domains internally in IBM and externally in marketing events and industry conferences
Ability to sell security solutions to the C-suite and the Board and existing relationships / examples of such interaction
Work closely with the global, regional and local solution design teams in developing client presentations and SOWs
Key focal areas include:
Use and enhancement of Cloud Security Assessment Frameworks including IBM’s own assessment tooling to assess cloud strategy and maturity and to help develop an overall roadmap from cloud security transformation
HC3 Offering Development (with Europe/Global) – a global Cloud offering for continuous compliance, aimed at banks, financial services and other heavily regulated industries.
Secure System Development Life Cycle (SSDLC): Developing agile delivery frameworks using Cloud Security standards and mapping to the use of agile Software Delivery Lifecycle (SDLC) Models.
Delivery should centre around adopting an Agile approach to enable integration with delivery of Development and Operations and form a DevSecOps approach to delivering Cloud solutions.
Working with global and local teams, help organize project approaches and teams for client delivery
Participate in project delivery, to varying degrees depending on project complexity and geography needs
Help resolve program issues as they arise with senior leadership
Good understanding of Cloud architecture and industry standards are required
Establish strong client relationships in key accounts to help progress the Security Services portfolio
Provide global practice leadership by facilitating a community of like-minded practitioners to share and exchange ideas for practice growth and improvement
Contribute content and advice to the offering development process
Help shape the emerging model of the regionals Security practice
Help establish capability and skills models for the core domain
Become a role model for European and global practitioners in the core domain
Be a focal point to interview as part of practice building
Required Technical and Professional Expertise
Working experience of industry compliance and security standards for traditional on-premise security including PCI DSS, ISO 27001, HIPAA, and NIST
Working knowledge of key cloud security standards e.g. NIST, ISO, CSA STAR etc.
Background knowledge of cloud service models (IaaS, Paas, SaaS etc), infrastructure and technology
Working knowledge in routing, firewall policy, Anti-DDoS, Web Application Firewall, Intrusion Prevention Systems, Security Information and Event Management, Identity and authentication, virtualisation, DevSecOps, micro services architecture.
Extensive track record in delivering large-scale, complex and multi-year security transformation programs / projects in various capacities (e.g. program director, programme manager, senior delivery/technical lead)
At least 10 years’ experience in management consulting, security consulting or systems integration in a top tier professional services firms or similar experience
Preferred Tech and Prof Experience
Knowledge of the cloud delivery, security and deployment models for IaaS offerings provided by at least one of IBM Bluemix, Amazon Web Services (AWS) and Microsoft Azure platforms.
An understanding of Cloud Access Security Broker (CASB) into SaaS services and integration of CASB to SOC/SIEM services.
Background knowledge to EU General Data Protection Regulations (GDPR) and other privacy regulations and standards related to the cloud (e.g. ISO/IEC 27018)
At least 8 years’ experience in working with security consulting teams
At least 5 years’ experience in working in international deployment roles
At least 12 years’ experience in management consulting