Search Our Career Opportunities

VP Cloud Security

Date: Mar 20, 2019

Location: Milwaukee, WI, 53202

At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company nearly 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual.

We're strong and growing. In a company with such a long and storied history, this may be the most exciting and important time to be a part of Northwestern Mutual. We're strong, innovative and growing.

We invest in our people. We provide opportunities for employees to grow themselves, their career and in turn, our business.

We care.  We make a positive difference in our communities. Nationally, thousands have benefitted from our support of research and programs to fight childhood cancer. Each year, our Foundation, employees and financial representatives donate time, talent and financial support to causes they're passionate about.

 

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

 

What's the role?

Reporting to the CISO this senior leader is responsible for execution of the organization’s defined security architecture for Infrastructure as a Service (IaaS) and DevOps platforms based on AWS and Azure. Provides security thought leadership across cloud domains and assures seamless integration into the enterprise security and risk framework. This is accomplished through focus on people, process and automation (“security as code”).

 

Implements and operationalizes security requirements and business processes through pattern development aligned with the company security standards and policies. Partnering with cloud automation and application development teams the head of cloud security will design security patterns and deliver code to integrate and automate AppDev security at scale. Lead the program to ensure the integrity of code: deployment and operationalization of effective controls for CICD pipelines including SAST, DAST practices.

 

The VP, Cloud Security role will participate with a team of peers in DevOps, Enterprise Security and Threat Management, and Risk Management to ensure effective integration of Azure/AWS into enterprise security framework. Assures compliance with requirements as a function of the ongoing cloud technology environment. Leads DevSecOps experts across applications and platforms. Ensure appropriate requirements are met for technology and business projects or other security topics.

 

 

Bring Your Best! What this role needs:

 

 

  • 10+ years of relevant experience in Cyber Security, Identity and Access Management, Cloud IT security design, Technology Architecture and in conducting and designing risk assessments for technology.  3-5 years be in DevSecOps and Security as Code.
  • Requires a Bachelor’s Degree in Technology and a Master's Degree in Technology or equivalent experience.
  • Hold one or more security certificates (CISSP, CRISC, CISA, CSA, CEH, CISM)
  • One  AWS/Azure related certification and familiarity with AWS & Azure shared responsibility model and services.
  • Knowledge about emerging software delivery methodologies (Agile, Scrum & Kanban) & technologies
  • Understanding of control and risk management concepts and knowledge of operational aspects of the information risk business.
  • Deep understanding and experience working within the “Three Lines of Defense” model. Knowledge of financial services industry and its regulations/laws desirable.
  • Leadership experience including influencing stakeholders and delivering on strategic priorities
  • Strong interpersonal and communications skills; able to work in a collaborative, team-oriented
    environment.
  • Highly skilled at drawing and evaluating “specific function” processes, highlighting risk and controls.
  • Liaise with the cloud transformation program in close partnership with security, application and cloud platform leaders.
  • Function as a change agent to enable the cloud and digital transformation initiatives from a security perspective. 
  • Support the adoption of devops culture and practices in the EIRC teams through active thought  leadership, talent acquisition, skills development,  in cloud and devops mindset, technology and operating models. 
  • Drive adoption of security embedded in application and platform teams through training, awareness and integration of security principles into the CICD pipelines
  • Possess deep understanding of best practices in securing the cloud security through effective combination of native and established security capabilities.
  • Partner with platform and development teams to assess and close gaps in cloud security posture across the security disciplines of IdAM, Network and Data protection, CICD, infrastructure security, vulnerability Mgmt, compliance validation, incident response and logging/monitoring, Insider Risk management, etc.

 

Req ID: 24763
Position Type: Regular Full Time
Education Experience: Bachelor's Required
Employment Experience: 9+ years
Licenses/Certifications: Not Applicable
FLSA Status: Exempt
Posting Date: 02/19/2019