Job Description
You will play an integral role in defining and improving NBC's Cloud Security governance, risk and compliance framework supporting the Bank's cloud initiatives. You will work within a forward-looking security governance team to refine Governance, Risk and Compliance (GRC) processes, and collaborate with Infrastructure and Application delivery teams, overseeing and advising them in their journey to the Cloud. The perfect candidate will be a self-driven individual at ease with technical data security and data protection measures as well as regulatory frameworks. Experience with and financial regulations is appreciated but not mandatory.
Your role:
- Define and build Cloud security governance, risk and compliance practices & frameworks to help business units build & deliver solutions that meet the Bank's regulatory and compliance requirements such as PCI, GDPR, NYDFS-500, etc.
- Lead the creation and documentation of cloud cyber security standards and frameworks; policies, standards, baselines, guidelines and procedures, following popular standards such as CSA CCM, NIST, CIS, PCI, CSA, etc.
- Participate in risk assessment processes: act as a subject matter expert evaluating security risks and technical controls, identify mitigation requirements and develop accreditation recommendations; be responsible for tracking requirements, validate that tasks are on schedule, and ensure the delivery of quality documentation
- Work in collaboration with the team that designs and builds cloud-native continuous compliance capabilities and automate the risk assessment, quality of deliverables produced by the teams, help them align with overall targets.
- Develop security assessment reports to include all the assessment results and the assigned mitigation strategy for each risk; perform analysis on each finding to promote a better understanding of the risks to organizational operations, organizational assets, and individuals
- Collaborate with Security Advisors to lead focused and continuous cloud security risk assessments of new and existing technologies to identify risks, and appropriate controls that balance security and operability
- Effectively communicate Cloud orientations to business leaders, security and application teams
Your Profile:
- At least 3 years' experience working with cloud environments, AWS preferably (GCP or Azure an asset), and industry best practices for the cloud security shared responsibility model, cloud-ready governance best practices and architecture;
- Experience and knowledge with Governance, Risk Management and Compliance
- Some hands-on experience in architecting, supporting or developing Cloud-based solutions for AWS, or other Cloud Service Providers (CSP), including IaaS, PaaS, and SaaS environments.
- Experienced with security and risk control frameworks related to cloud; knowledge of the CSA Cloud Control Matrix is an asset (NIST CSF and other frameworks also relevant);
- Knowledge of security controls, incident detection/response and countermeasures (defense in depth)
- Cloud-Related certifications are not required but are assets.
- Highly self-motivated, self-directed and attentive to detail
- Ability to define, document, initiate, educate and communicate (new) processes and plans across multiple teams.
- Facilitation skills with an ability to build relationships with stakeholders;
- Good written and interpersonal communication skills
- Fluent understanding of French and English.
Your benefits
Upon hiring, you will be eligible for a wide range of benefits. In addition to competitive compensation, we offer attractive benefits for you and your family:
- Health and wellness program, including many benefits
- Flexible group insurance
- Pension plan
- Employee Share Ownership Plan
- Employee and family assistance program
- Preferred banking services
- Volunteer program
- Telemedicine
- Virtual sleep clinic
These are just a few of the many benefits we offer. We've rolled out a number of additional measures to ensure your health, safety and wellbeing during the pandemic.
Job ID: 101852