1. As the technical owner, engineers, implements and maintains enterprise on-prem and cloud security capabilities that are pragmatic, user friendly, and meets the IMF’s information security and privacy policies, standards, and architectural principles, working closely with the Information Security, Enterprise Architecture and Application teams.

2. Tunes/optimizes all on-prem and cloud security solutions, monitors network stability by modifying network and cloud security infrastructure in response to application changes.

3. Ensures best practices are implemented, network and cloud security solutions are used to their full capacity, service levels are met, and all licensed modules/features are enabled and properly configured.

4. Identifies and mitigates cloud-based security risks, developing and implementing security controls for the cloud, such as access control, data encryption, and network security.

5. Supports the Section Chief in developing and implementing effective processes and an operating model for on-prem and cloud security services. Manages the network and cloud security operations teams comprising contractors and MSP personnel ensuring timely delivery of key services.

6. Consults and guides application teams around network and cloud security capabilities.

7. Manages the security, availability (HA and DR), and performance of the IMF’s on-prem and cloud security infrastructure and applications implementing rigorous resiliency measures to safeguard critical assets.

8. Identifies opportunities and implements automation for security and operational tasks to improve incident response, performance and reduce operator errors utilizing scripting.

9. Understands all aspects of dependencies for business processes on network and cloud security systems and applications, troubleshoots escalated multiuser incidents, and manages resolution of root causes for security, performance, reliability, or availability issues.

10. Stays at the forefront of emerging network and cloud security technologies, standards, attack trends, zero-day vulnerabilities, and best practices, and apply this knowledge to enhance IMF’s security management strategies.

11. Works with the IMF’s security operations center, implements effective monitoring, integration with XDR and SEIM platforms, and assists in defining relevant use cases to identify potential security breaches or policy violations.

12. Collects, tracks and reports on various network and cloud security service SLAs/metrics/KPIs/KRIs

13. Develops and maintains up-to-date documentation, standard operating procedures and playbooks related to on-prem and cloud security design and operations. Create end user training materials and conduct user training.

Requirements:

Minimum Qualifications

Advanced degree in information security, computer science, engineering, mathematics or related field of study or equivalent, plus a minimum of 4 years of relevant professional experience; or a bachelor’s degree in computer science or a related field of study plus a minimum of 10 years of relevant professional experience, is required.

• Candidate should possess one or more (preferred) of the following certifications: CISSP, CISM, SABSA, CEH, GCSA, GDSA, GCIH, ITIL, OSCP, Cisco/Microsoft advanced security certifications.
• Must have a minimum of 3 years’ experience managing enterprise-wide network and cloud security services based on zero-trust.

Knowledge and/or experience (preferred) in:

• Engineering, implementing and operations of networking technologies and protocols (routing, switching), and on-prem and cloud security tools such as network proxy, firewalls (Checkpoint, Palo Alto), web application firewalls, NDR, Network Analyzers, Network Access Control, container security (Kubernetes preferred), logging and alerting with SIEM, strong authentication, IPS/IDS, VPNs, DDoS etc.
• Implementing Zero Trust at scale across hybrid environments.
• Managing SASE, CASB, ZTNA, SWG technologies.
• Hybrid cloud architectures, cloud brokering solutions or cloud management solutions for Public/Private Cloud.
• Engineering and operations of Cloud Native Application Protection Platforms (CNAPP) including CSPM, CWPP, CSNS, DevSecOps for protecting multi-cloud environments (Microsoft preferred).
• Infrastructure security automation, capacity monitoring and automated scaling solutions. Security Orchestration and Automated Response solution (Palo Alto SOAR) to enhance security toolsets.
• Using cloud technologies to provide data protection, container security, networking, system administration and zero-trust architectures.
• Scripting languages (e.g., PowerShell, Python, Terraform, Ansible, Bash).
• MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration, and scoring.
• Enterprise level IT service management, including continuous service improvement.
• Engineering and operating highly resilient PKI and Key Management services.

Work management skills

• Familiarity with a broad range of technologies supplemented by in-depth knowledge in specific areas of relevance. Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
• Excellent insight of business and technology trends and their impact (risks and opportunities) to business enablement.
• Curiosity and thoroughness in problem-solving — leaving no stone unturned.
• Analytical skills that enable synthesis and correlation of inputs from many sources and allow for strategic thinking and tactical implementation.
• Ability to establish and maintain effective partnerships and working relations in a multi-cultural, multi-ethnic environment with sensibility and respect for diversity.
• Excellent management, organizational and interpersonal skills to influence others towards a shared vision and positive results with or without the line of command.
• Excellent written and verbal communication skills that are compelling, convincing, and reassuring, with the ability to articulate complex technical ideas to non-technical stakeholders.
• Personal drive, ownership, and accountability to meet deadlines and achieve agreed-upon results.
• Proven ability to collaborate with IT colleagues to prioritize work, develop roadmaps, enhance services, and contribute meaningfully to the department’s service delivery.