HedgeServ is a leading global fund administrator with over $450 billion in assets under administration. We leverage proprietary technology, robotic process automation, machine learning, and extensive transaction data to optimize client experience. HedgeServ fosters an entrepreneurial and innovative spirit, providing a productive and agile environment for its 1,500+ professionals worldwide. We offer customizable solutions for risk, portfolio management, middle office, investor relations, accounting, regulatory, compliance, and tax services.
HedgeServ is a progressive company with a future-focused mindset, offering robust career development frameworks, clear learning paths, and flexible working arrangements, including remote and hybrid options. We provide fully paid comprehensive health and well-being benefits. HedgeServ was recognized as a Next Gen employer by RippleMatch in 2022 and operates 13 offices globally.
Job Description
The Cloud Information Security Engineer is responsible for developing, implementing, and operating a comprehensive, enterprise-wide information security strategy and program for HedgeServ, with a primary focus on our cloud environments. This role involves creating security policies, standards, and procedures, utilizing a risk-based methodology to anticipate threats, identify potential impacts, and serving as HedgeServ’s representative for cloud security strategy and roadmap execution. Key duties include:
- Adopting a cloud-first and cloud-native approach to security, with a deep understanding of best practices.
- Developing and implementing a risk management program for security and privacy, including threat modeling, risk and vulnerability identification, risk analysis and mitigation planning, and reporting to executive management.
- Providing strategic and tactical security guidance for programs and projects, including evaluating enterprise architecture, hardware, software, and technical controls.
- Collaborating proactively with the IT Leadership team to ensure strategic plans, security programs, and technical controls align with business strategies and comply with policies, laws, and regulations.
- Coordinating external third-party resources for the development, implementation, and monitoring of the Cloud Information Security program, including penetration testing.
- Establishing a metrics-driven dashboard to evaluate the effectiveness of the Cloud Information Security program.
- Serving as a key thought leader in Cloud Information Security, collaborating with partners and vendors to develop thought leadership around policies, processes, and capabilities to enhance HedgeServ's Cloud Security Strategy.
- Staying informed about new technologies and application methodologies through publications, professional organizations, and industry contacts.
- Participating in the design and administration of security systems, reflecting state-of-the-art security best practices and compliance, with a focus on balancing security effectiveness and operational efficiency, particularly within DevOps environments.
Pre-requisite knowledge, skills, and experience:
- 5+ years of experience in the information technology field or a similar role.
- 5+ years of experience with multiple cloud environments, including AWS.
- Excellent interpersonal and written communication skills.
- Experience with projecting and controlling Cloud spend.
- Detail-oriented with strong documentation experience.
Technical Responsibilities/Qualifications:
- Securing communications, applications, and business systems.
- Performing cloud risk assessments.
- Overseeing the drafting of policies and procedures for secure daily cloud operations.
- Planning, testing, and managing disaster recovery and security breaches.
- Understanding of governance and compliance, with the ability to enforce policies.
- Incident management and investigation.
- Understanding of the threat landscape and ability to analyze risk across a dispersed portfolio.
- Familiarity with Cyber Security frameworks, including NIST and ISO Security Architecture/Engineering.
- Experience implementing security frameworks such as ISO, NIST, SANS top 20, and OWASP.
- Forward-thinking, proactive approach to security.
- Self-starter, resolution-minded, outside-the-box thinker and doer.
- Ability to shift priorities as needed and possess a sense of urgency.
Preferable Certifications:
- Certified Information Security Systems Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- AWS Certified Security – Specialty (CSC-C02)