Industry Cloud Risk & Client Excellence Program Specialist

produce formal reports showing how the IBM Cloud Framework for Financial Services control requirements compare to key industry and regulatory standards/requirements, as well as financial institutions' (FIs) internal control frameworks

• Hold discussions with internal stakeholders and clients on an 'as needed' basis to walk them through the results of various mapping assessments
• Support effectiveness and continuous enhancement of the FS Controls Framework and associated methodology by identifying/documenting additional requirements, based on the outcome of controls mapping efforts, that further drives the security and risk architecture
• Work with client and service partner account teams to support risk and controls tracks focused on winning clients
• Coordinate with the IBM Cloud BISO, Compliance teams, Offering Management, and strategic partners in confirming completeness and on-going enhancements of the FS Controls Framework
• Provide subject matter expertise to strengthen controls design and implementation effectiveness
• Partner with IBM Cloud Service/Software, IBM Cloud BISO, Infrastructure, and ISV Ecosystem teams to complete risk evaluations enabling FS Validation approvals for IBM Cloud Services/Software, MZRs, and ecosystem partners (ISVs)
• As part of risk assessments, identify risks, threats, vulnerabilities, potential anomalous flows and interactions, considering potential mitigating/compensating factors
• Develop internal and client-facing collateral providing insights and transparency into the FS Validation and risk assessment processes
• Develop new and enhance existing FS Risk Office program methodology/process documentation
• Oversee multiple in-flight assessments, ensuring program aims are delivered in a timely manner
• Maintain team's Key Performance Indicators (KPIs) and Service Level Agreements (SLAs)

Client Excellence Program

• Help support teams managing the Financial Services Cloud Council and Forum community by sourcing and curating content (blogs, videos, podcasts, etc.) related to risk management in the financial services space

• Assist with researching and writing content that reflects in-depth knowledge of industry's trends and company's objectives

• Help support the teams managing the Client Advocacy, Cloud Executive Sponsor, and the FS Cloud Council programs

Required Technical and Professional Expertise

• Bachelor's degree in cybersecurity, computer science, information systems, marketing, or related field

• 5+ years of cybersecurity, IT risk management, IT audit and/or compliance experience, particularly within the financial services sector

• Professional certification such as PMP, CISA, CISSP, CISM and CRISC

• Hands-on experience in risk management and/or compliance capacity addressing security & compliance matters for regulated clients

• Understanding of global financial services regulatory bodies that oversee technology and cybersecurity risk in the industry, e.g. FFIEC, FCS, RBI, EBA (DORA), APRA, OSFI, MAS, CMORG, ECUC, and EUCS

• Prior experience of proof reading/interpreting regulations along with ability to gauge possible associated risks

• Strong proficiency of multiple security, IT Compliance and auditing standards including but not limited to, NIST Cybersecurity Framework, NIST 800-53, COBIT, ISO 27001, CRI Profile, OWASP, ITILv3, and CSA

• Subject matter expertise in IT operations & security control domains such as application security, cloud security, container security, change management, disaster recovery, data center operations, information and network security

• Exceptional leadership, attention to detail, time management, facilitation and organizational skills including the ability to exercise influence with or without direct management responsibility

• Creativity and judgment to move between multiple projects within the business

• Excellent communication (verbal and written) and interpersonal skills, and an ability to effectively communicate with both business and technical teams, as well as clients (attention to detail crucial)

• Demonstrated discretion and independent judgment, especially in matters of significance to IBM and clients

Preferred Technical and Professional Expertise

• Master's degree in cybersecurity, computer science, information systems, marketing or related field
• 8+ years of cybersecurity, IT risk management, IT audit and/or compliance experience, particularly within the financial services sector
• Strong content editing skills and attention to detail
• Experience with cloud transformation risk management journey
• Practical knowledge of security in application development, DevSecOps, and threat modelling