The Cloud Information Security Engineer is responsible for the development, implementation, and operations of a comprehensive, enterprise-wide information security strategy and program for HedgeServ, focusing on our cloud environments. They create security policies, standards, and procedures. They utilize a risk-based methodology to anticipate threats and identify potential impact, and serve as HedgeServ's representative regarding cloud security strategy and execution of HedgeServ's cloud security roadmap.

The Engineer has duties that include, but are not limited to:

- Cloud-first and Cloud-native approach to security, with a deep understanding of best practices
- Develops and implements a risk management program for security and privacy-related areas, which includes modeling threats, identifying risks and vulnerabilities, establishing a risk analysis and mitigation plan, and reporting to executive management on both a regular and event-driven basis
- Provides strategic and tactical security guidance for programs and projects that may involve security controls, including the evaluation of the enterprise architecture, hardware, software, and technical controls
- Works proactively with the IT Leadership team and their direct reports to assure strategic plans, security programs, and technical controls are aligned with their respective business strategies and in compliance with policies, applicable laws, and regulations
- Coordinates the use of external third-party resources involved in the development, implementation, and monitoring of the Cloud Information Security program, including performing penetration tests
- Establishes a metrics-driven dashboard to evaluate the effectiveness of the Cloud Information Security program
- Serves as a key thought leader in the field of Cloud Information Security, which includes working with key partners and vendors to develop thought leadership around policies, processes, and capabilities that can help change or enhance the Cloud Security Strategy at HedgeServ
- Keeps informed of new technologies or application methodologies through publications, membership in professional organizations, and contact with other IT organizations and institutions
- Participates in the design and day-to-day administration of security systems that reflect state-of-the-art security best practices and compliance, ensuring a focus on balancing security effectiveness without introducing material operational friction, with a strong focus on DevOps and team enablement

Prerequisite knowledge, skills, and experience:

- 5+ years of experience in the information technology field or similar
- 5+ years of experience with multiple cloud environments, including (but not limited to) AWS
- Excellent interpersonal and written communication skills
- Experience with projecting and controlling Cloud spend
- Detail-oriented and strong documentation experience

Technical Responsibilities/Qualifications:

- Securing communications, applications, and business systems
- Performance of cloud risk assessments
- Oversee drafting of policies and procedures for secure daily cloud operations
- Planning, testing, and managing disaster recovery and security breaches
- Understanding of governance and compliance, as well as the ability to enforce policies
- Incident management and investigation
- Understanding of threat landscape and ability to analyze risk across a dispersed portfolio
- Familiarity with Cyber Security frameworks, including NIST and ISO
- Security Architecture/Engineering
- Experience implementing security frameworks such as ISO, NIST, SANS top 20, and OWASP
- Forward thinking, proactive approach to security
- Self-starter, resolution-minded, outside the box thinker and doer
- Must have a sense of urgency and the ability to shift priorities as needed

The certifications below are preferable:

- Certified Information Security Systems Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- AWS Certified Security - Specialty (CSC-C02)