Define and mature cloud-focused security policies and controls (governance, processes, frameworks)

Identify, Implement, and Operationalize security technologies and processes to improve visibility and reduce risk

Leverage data analytics to influence our cloud security posture

Partner with other technical leaders throughout the organization to refine and mature Ally’s security posture for cloud-based technologies and platforms, as well as identifying and maturing our application security capabilities

Consult with project teams to ensure that platform architecture has proper security controls in place (focused on Cloud Providers / SaaS engagements)

Engage as needed in other Cloud Security efforts where skills may overlap:  Cloud Platform Security and DevSecOps / Pipeline Security

Qualifications

Demonstrated technical expertise in two or more technology areas (compute, storage, network, data, etc)

Experience as a software developer with knowledge of automation, Infrastructure as Code and DevOps + CI/CD tools and processes

Strong background in information security practices, controls, and governance (CISSP preferred)

5+ years of experience as a technical resource within an IT organization (enterprise / matrixed organization preferred)

2+ years of experience with cloud platforms (operational experience preferred for AWS, Azure, GCP, etc)

Strong soft skills:  builds partnerships, translates complexities into simple terms, ability to maintain focus on objectives

Highly proficient in drafting technical documents:  process/procedures, standards/policies, architectures, etc)