Cloud Security Architect at If P&C Insurance (Solna, Sweden)
Location: Solna, Sweden
Type: Full Time
Created: 2021-04-28 05:00:54
Cloud & DevOps CoE
Cloud & DevOps CoE is a Center of Excellence unit within If IT with the responsibility for developing if´s Public Cloud Platforms, Microsoft Azure and Google Cloud Platform as well as driving If´s DevOps adoption. The unit is focused on supporting the enablement of If´s Digitalisation Journey.
If has a strong culture of owning and developing its IT solutions. Over 1000 of our 7500 employees work with IT and we have over 30 internal development teams. These teams are increasingly deploying their solutions to Microsoft Azure, where year over year usage has grown by almost 300% in the last years.
Security is an essential part of the organisation culture, and often need frequent educations and collaborations. As a Cloud Security Architect, you will be participating in both high-level architectural discussions with the platform governance teams as well as hands on with the software development teams to help them achieve secure developed solutions. You will work closely with the platform owners, IT Security as well as the Application Security Team which helps the development teams code securely. You will also work closely with the network team to make sure the overall governance and centralized solutions that are developed are aligned with the public cloud platforms overall roadmap regarding ease of use, DevOps culture and security culture.
You will be the person that the rest of the organisation relies on regarding new features in the public cloud platforms and overall guides of how the organisation develops solutions that are secured in the public cloud platforms. You will help both the platform governance teams as well as the software development teams to translate the policies, laws and guidelines produced by the IT Security and for instance EU to more comprehensible guidelines and principles to be used in practise by the development teams. You will also work together with the overall SRE team to make sure alerts are reviewed and sometimes translated into new policies, help with investigations and isolations in case needed.
Your role is extremely important in If and will require a person who likes to empower other teams and people as well as keeping a firm ground in the fundamentals of security. Negotiating business leaders and explaining why something is important and changing the culture of the organisation into a modern workplace with security as a culture.
The role is Nordic and you will be working with many different people and teams, with different mindsets and skills, which require you to be a smooth collaborator with strategic skills.
You will join a team that always has one foot in the cloud and DevOps as a mindset. DevOps is about influencing people and having an effective coaching is a big part of that success. This is what we do in a fast-paced and geographically diverse environment. The role will be key to ensure If’s digitalization journey and have a major impact on the architecture and development of current and future product and platform offerings.
Define the adoption of good and secure development and operations practices in If, in terms of DevOps and DevSecOps practices, environments, processes and tools
Be a subject matter expert in Cloud Security and be able to zoom in and out dependent on situation and team maturity
Provide technical and architectural guidance as well as hands-on support that support If´s digitalization journey
Monitor current and future trends in the Cloud Security as well as laws, risks and security threats and influence product and technology direction also incorporating the financial dimension
Work collaboratively across multi-disciplinary teams throughout the company as a Cloud Security subject matter expert with implementation and modernization in focus
Coaching and working with Cloud Engineers located in Riga
Coaching and working with IT Security, driving thru coaching the change to a more modern security approach
Coaching and working with the SRE team to manage alerts and incidents
Working closely with the Application Security Team to educate on best practices in the Cloud Security area
Participate in Architectural decisions with a Cloud Security focus
To be successful in this role, you will within the next two years have:
Defined a long-term roadmap and vision on how to design, deploy and operate secure cloud-based architectures
Strong understanding across Cloud and the services they provide
Preferably experience in following technologies: Microsoft Azure (cloud and architecture), Google Cloud Platform (cloud and architecture), Software development and integration (.NET), Mobile development, Databases (Cosmos/SQL/ML), Server configuration (Linux/Windows), Web Development (Angular, Web Forms, Single Page Applications), Microsoft Secure Development Lifecycle, Threat Modeling, GDPR, Common risk frameworks, common best practices, both a solid foundation in security as well as how to apply them in a modern context, OWASP, Azure Security features and tools, Network Security
Provide expertise for roadmaps, pre-studies and design workshops within project/program
Take ownership of our Platforms (Public Cloud, Monitoring and Development Tools) Security area, supporting our application lifecycle management structure and governance
Strong belief in automation and implementation of configuration management and continuous deployment practices
Establish good cooperation with our operations team in IT Baltics
As a person you are:
Forward-thinking, visionary and driven
Have a strategic mindset
Adept at structuring & analysing technology questions and concluding recommendations, also incorporating the financial dimension of decisions
Able to communicate, educate and collaborate effectively with others, and speak English fluently
Have strong technical knowledge in Infrastructure/Technical Architecture, preferably with concrete experience of Cloud Services for application hosting
You preferably hold certifications in IT Security, and in Azure such as AZ-500, CISSP, CCSP or similar.
You have a strong background in Security and also experience in Cloud Security and modern security challenges.
You understand basic Identity frameworks and how they work, as well as the difference between Authorization and Authentication.
Dedicated to creating an inspiring working environment for our IT units and engineering teams
Understands the MITRE ATT&CK framework
What will you get in this role in return?
An inspiring role driving adoption of emerging technologies and new ways of working in If
To be apart of a great team of Cloud Architects and Agile Coaches to help enable the digitalization journey
The opportunity to be instrumental in adoption and transformation of Infrastructure Architecture as well as supporting DevSecOps and security quality across If
As much freedom as possible – including the accountability that comes with it
The role will be in Stockholm and reports to the head of Cloud & DevOps CoE. Some travel will be required since the role has responsibility throughout the countries in which If operates. All applications must contain a cover letter and CV. Last date to apply is 15th of May. We will reviewing applications as they come in, so don’t wait to get yours in.
For more information regarding the position, please contact:
Viktor Junling, Head of Cloud & DevOps CoE, +46 73 422 84 40 (mail: [email protected])