In this senior role you will be responsible for developing security standards, assessing risk, and reviewing product architectures in VMware on AWS Cloud (VMC) and other cloud or hybrid environments.  You will partner with other members of global Information Security and internal stakeholders to perform security assessments, threat modeling and inform the design of performant, resilient and compliant VMC, cloud-native, and hybrid architectures. 

You will engage with product management, development, architecture, and information technology partners to ensure security is designed into all initiatives from the outset. 

• Developing and updating security standards for hosted environments including VMC, AWS and other cloud environments 

• Proactively engaging with product teams to assess migration plans and designs to ensure security requirements are accounted for  

• Partner with the Office of the CTO (OCTO) enterprise architects to streamline and validate their architectural assessment with expertise in security architecture, regulatory compliance, resiliency and disaster recovery 

• Proactively identify and document technology risks to the enterprise across the cloud (VMC primary; AWS, Azure or GCP secondary) environments and make recommendations to the information security leadership and engineering teams for mitigating and/or compensating controls 

• Design and develop security solutions that augment and expand current tooling 

Summary: 

Reporting to the head of Information Security Architecture and Engineering, you will build and execute on a backlog of strategic and tactical work items related to the securing of our product platforms.  You will primarily be working with VMC but may have exposure to AWS native, Azure and GCP.  You will work directly with product teams, enterprise architects, IT, and others to assess architectural designs, technical implementations, standards documentations and other work products as they relate to security, compliance and resiliency.  You will manage security standards documentation, drive automation and reporting, and assessment of control implementation.  You will make recommendations to harden IHS Markit’s security posture and proactively identify risks and potential mitigating or compensating controls. 

What will you be doing in addition to the above: 

• Partnering with security engineering teams to design internal security systems as they relate to automation, GRC, threat intelligence and CI/CD tooling 

• Leveraging your extensive experience to define and drive adoption of security standards, processes, tools, and automation to protect and support the needs of our products and services 

• Contributing to broader strategic discussions concerning standards, policies, technology, and processes, bringing your ability to bear in improving the overall security posture of the organization 

• Driving KPI/KRI metrics and reporting framework to measure the efficiency and effectiveness of the controls under management 

• Partnering with key stakeholders to ensure that security design principles are implemented and operationalized in support of policies and standards 

• Keeping abreast of latest technologies and innovations in security and monitor industry trends and threats 

What are we looking for:  

• Minimum of five years’ experience working with VMware, vSphere, NSX, VMC related technologies in a large scale, highly automated, enterprise setting from an architectural perspective 

• Minimum of five years’ experience in Information Security to include increasing leadership experience 

• Minimum of three years’ working with AWS in a deeply technical capacity 

• Strong architectural, technical and business analysis knowledge, this resource should be able to seamlessly and proactively engage with business partners to perform assessments and inform key security design considerations with minimal supervision 

• A natural ability to simultaneously use your technical experience, strategic mindset, and people skills    

• Comfortable working with teams and automated CI/CD pipelines and delivery of resilient and performant architectures in a SecDevOps model 

• Knowledge of cloud networking architecture, identity, cloud operations, security, automation, and orchestration  

• Strong understanding of technical security controls, including end-user, office, and data center environments, with a verifiable understanding of threats, vulnerabilities, and mitigation techniques in cloud, on-premise, and hybrid environments 

• Excellent organizational, research, and verbal/written communication skills, with a proven ability to effectively engage partners, clients, and individual technical and business staff  

• Strategic thinker, keeping big picture in mind while ensuring execution excellence 

• Ability to prove security experience via certifications  

• Self-motivated and willing to take on challenges while adapting to an ever-changing global threat landscape and internal/external partner operational environment 

• Familiarity in a variety of industry and regulatory frameworks for cybersecurity, IT and privacy such as ISO 27001, ISO 27017, PCI-DSS, NIST CSF, NIST SP 800-53/ITSG-33, CCPA, GDPR, ITILv3, SOC 2, and SOC 3