Pearson Senior Cloud Security Services Compliance Developer in Iowa City, Iowa

Senior Cloud Security Services Compliance Developer

Description

At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.

In addition - Technology has changed our expectations of how we live, work, communicate. Learners expect education to be engaging and inspiring. They expect digital learning to be as responsive, secure, fast and effective as the other apps in their pocket - Facebook, iTunes. They expect to have access to learning anytime, anyplace, any device and get help when they need it - Consumer Grade without being a target of cyber attacks.

As an education and print company, Pearson has scores of legal and contractual obligations. Compliance to government laws such as GDPR, HIPAA and FERPA, and industry requirements such as PCI DSS are critical to building and maintaining trust relationships and a solid reputation.Compliance to Policy is crucial to preserving information security, whether our data resides in a private or a public cloud, and knowing how to measure, monitor, and automatically action security policies and controls is a key skill.

Responsibilities

As adirect report to the VP of Governance, Risk, Compliance and Assurance, you will have the following responsibilities:

  • Monitor and drive regulatory and industry compliance across global Pearson in both public and private cloud

  • Participate in the development and deployment of actionable policy compliance rules into AWS

  • Change the way Pearson compliance automation is established for AWS environments

  • Participate in the design and implementation of automated AWS/Cloud based risk and compliance processes and tools

  • Guide and support AWS Cloud compliance engineering integrations with enterprise GRC platforms such as Allgress

  • Support the deployment of ComplianceVision within Allgress

  • Build working relationships with corporate technology and business teams and other stakeholders such as HR, Legal, and Procurement to better understand compliance requirements and inherent risks.

  • Evaluate security technologies for cloud environments in order to implement, monitor and measure the efficacy of controls in the most streamlined and integrated manner

  • Support the deployment of automated security solutions for cloud delivery processes

  • Support the development of cloud security solutions to enable production security operations (SOC)

  • Support the development and deployment of compliance solutions for large-scale cloud environments using container and microservice technologies

  • Support the development of security and compliance capabilities in support of DevOps processes

  • Support the development and deployment of automated solutions to secure cloud development processes

  • Craft and evangelize secure cloud platform & product requirements

  • Communicate security risks and solutions to business partners, platform & product teams

  • Embrace a culture of continuous service improvement and service excellence

  • Stay current on security industry trends

Qualifications

Required Experience

  • Familiarity with industry and regulatory compliance requirements and Risk Management methodologies

  • Overall 4 years experience in Technology with extensive experience in cloud solutions (AWS, OpenStack)

  • At least 3 years architecting and developing AWS- based applications solution design and development, security of access endpoints, data and infrastructure in cloud with strong EC2, IAM, KMS, HSM, S3, GuardDuty, Cloudwatch and Cloud Trail knowledge.

  • Minimum 2 years of experience with implementing and automating cloud compliance including tools such as : AWS inspector, CloudPassage, CloudChekr, AWS config, Cloudformation, Terraform and Service Catalogue

  • Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 27017

  • Threat and risk modelling experience

  • Integrating cloud compliance tools and processes to enterprise risk platforms such as Allgress or other eGRC tools (such as Archer)

  • Bachelor's Degree in Computer Science or related field or equivalent experience.

  • Experience with custom development using AWS integration technologies, Python, Java/EE, JSON, SAML, XACML, SCIM.

  • Hands on-Experience in virtualization, Cloud Formation, Python in building hybrid cloud models with with layered security

  • Real time scalability and highly available solutions leveraging functions like Lambda, AWS Auto Scaling and Cloud Formations.

  • Source code management tools such as BitBucket

  • Skilled in HTML/CSS, JSON, REST, HTTP, Python, Java/EE, SAML, XACML, SCIM

  • AWS certification along with other security certifications such as CISSP, CISM is a plus

  • Actively Participate in data design sessions

  • Knowledge in development languages such as Java, .Net, Node.js, Python, Ruby etc.

  • The candidate will apply their experience driving and building reliable, scalable, secure data driven process automation for managing compliance

  • Hands-on knowledge on DevOps methodologies and tools like SVN/GIT, Jenkins, JIRA, confluence, various monitoring/alerting tools;

  • Experience on Agile delivery;

  • Familiar with a broad range of cloud security technologies such as Container, encryption and key management, DDoS protection, configuration compliance

  • Some proven ability in securing the CI/CD pipeline

  • Experience in developing continuous threat and vulnerability assessments and continuous control monitoring of policies

Competencies and Behaviors

  • Highly self-motivated with the ability to identify areas of focus and tackle new challenges with or without direction.

  • Must be able to communicate effectively and build solid relationships with individuals at all levels, in multiple geographies and business functions.

  • This person will interact with leaders and individual contributors across Pearson as they drive compliance - and explain WHY. Must be patience, intuitive, empathetic, and influential.

  • Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams;

  • Strong business acumen with the ability to build business cases for technology initiatives and to effectively communicate the value proposition to non-technical stakeholders

  • Demonstrated ability to work under pressure.

  • Ability to work within a dynamic and fast paced international environment

  • Ability to build rapport with other team members and relevant teams

  • Technically innovative

  • Ability to use own initiative to solve technical problems

  • Be a team player (this isn’t a competition- it’s a TEAM SPORT).

  • Takes responsibility for projects and strategic initiatives

  • Demonstrate clear and measurable results through the development of KPIs, goals and milestones

  • Drive innovation and best practice

  • Strive for standardization and simplification in all aspects of work

  • Able to balance the needs of the business against the desire for the best solution possible

#LI-LL

Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.

Primary Location: US-CO-Centennial

Other Locations US-IA-Iowa City, US-TX-San Antonio

Work Locations: US-CO-Centennial-2154 East Commons 2154 East Commons Avenue Centennial 80122

Job: Technology

Organization: Technology & Operations

Employee Status: Regular Employee

Job Type: Standard

Shift: Day Job

Job Posting: Sep 28, 2018

Job Unposting: Ongoing

Schedule: Full-time Regular

Req ID: 1813165

Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.