The Cloud Security Consultant will have the following objectives:

• Ensure that an appropriate level of IT Security controls is applied to every project
• Ensure that projects deliver solutions that are fit for purpose from IT Security stand point and any deviations/risks are raised as appropriate
• Ensure that all IT-related actions taken with projects are compliant to ISO27001:2013 so as to maintain the Bank's certification
• Perform formal Risk Assessments where exceptions to bank security policies are required and register the findings in the Bank's risk register

Scope of Services

• Work within a project team with a focus on embedding relevant security controls into the project delivery process
• Working with third parties to establish and implement the baseline for IT Security controls
• Ensuring that assurance over IT & Information Security control implementation can be provided
• Establish, implement and maintain a suite of IT Security controls within the scope of the project, protecting IT systems and providing visibility of potential threats and vulnerabilities.
• Development of clear and concise reporting suitable for presentation to Project Management including submission of regular Key Risk Indicator reports highlighting IT Security activities as required by the project.
• Ensure key IT Security project deliverables are addressed within agreed timescales.
• Ensure secure working best practises are Embedded within the environment, and that the appropriate alerts are recorded within the relevant SIEM tools.
• Facilitate and manage appropriate vulnerability assessments and manage the remediation activity as related to the project.
• Work closely with members of Operation Risk and Information Security to ensure any IT Security controls and associated risks are appropriately managed in delivery of the project.
• Define theIT Security requirements for the project and assist with the creation of operational processes, ensuring alignment to EBRD standards and industry best practice recommendations.
• Provide expertise in the definition, selection and implementation of IT Security related controls to the IT Department.
• Manage and promote IT Security to ensure that the project understands the value of best practice and supports the defined IT Security objectives.
• Participate in workshops, providing security guidance and recommendations to help structure requirements and shape project deliverables.
• Act as the key IT Security technical point of contact for the project and engage with internal teams to ensure all interests and objectives are included.

The consultant is expected to:

• deliver all of the agreed individual deliverables for each project that they are involved in
• maintain required central IT Security documentation
• provide a comprehensive handover upon completion of the assignment

KNOWLEDGE/EXPERIENCE

• Demonstrable experience of successfully securing Microsoft Cloud solutions
• Extensive understanding and implementation of the IT Security environment, policies, guidelines and standards, including awareness of ISO 27001/2.
• Educated to honours degree level and/or a relevant and recognised IT Security accreditation.
• Technical assessments of RFPs and third party partner selection in line with OJEU or similar governance structures.
• Broad understanding of corporate IT infrastructures and technologies.
• Demonstrable experience of successfully operating within a 'Matrix' IT Security team & bespoke project team.
• Experience of working on multiple projects simultaneously and effectively managing the competing priorities.
• Demonstrable knowledge of technical security solutions covering modern Security solutions and Tooling.
• Knowledge of standards and industry best practice for risk assessment of IT applications, particularly in a financial setting.
• Good understanding of PKI, digital certificates, and key management, in the context of IT applications as consumers of the service.
• Identity and Access Management (IAM) for critical business applications, including external third-party identity and/or privileges access may be a requirement.
• Relevant experience in the Financial Services sector.
• Ability to handle pressure and work to challenging deadlines.
• Scope of services successfully transitioned to third party provider and knowledge transfer complete.

TECHNICAL SKILLS

• Demonstrable experience of conducting security assessments and threat identification, mitigation and remediation.
• Good understanding of Defender for Cloud and its policies
• Ability to guide projects to apply appropriate security standards and policies.
• Good technical understanding of Cloud security, security configuration and best practices for Servers, workstations, SASE technologies, SD-WAN, Firewall infrastructure and penetration testing scoping.
• Deep technical knowledge of the following: data encryption, data leakage controls, application integration, identity and access management, certificate management and database security.
• Excellent understanding of the Secure Application Development Lifecycle (SDLC) and the ability to advise the AppDev teams in the remediation.
• Technical experience of some of the following applications: Security auditing tools, AV, Firewalls, Proxy, SIEM, PAM.
• Ethical hacking and KQL background are advantageous.