Cloud Information Security Engineer

HedgeServ is a leading global fund administrator with more than $450 billion in assets under administration across all investment vehicles including Hedge Funds, Private Equity Funds, UCITS, Hybrid Credit Managers, Funds of Funds and Managed Account Platforms. We optimize our clients’ experience using unique proprietary technology coupled with robotic process automation, intuitive digital programs powered by machine learning, and enhanced by an extensive proprietary transaction data set. HedgeServ’s entrepreneurial and innovative spirit cultivates a productive and agile environment enabling its team to anticipate clients’ needs and consistently deliver solutions in real time. Led by the most experienced team of industry experts, HedgeServ with 1,500+ professionals around the globe expertly provides customizable solutions for their clients’ risk, portfolio management, middle office, investor relations, accounting, regulatory, compliance, and tax services. Since its inception in 2008, HedgeServ has received numerous accolades, including Top Overall Administrator and #1 rankings for Fund Accounting, Reporting & Reporting Technology, Client Service, Investor Services, Alternative Fund Expertise, and Regulatory Expertise.

HedgeServ is a progressive company with continuously evolving ways of working to ensure a future-focused mindset. Our employees benefit from a robust career development framework and clear learning paths which outline career trajectory, training and progression plans. HedgeServ supports employees through a variety of offerings, including remote and hybrid working arrangements, and fully paid comprehensive health and well-being benefits. HedgeServ was recognized as a Next Gen employer by RippleMatch on its list of 100 top workplaces for Generation Z for 2022. HedgeServ operates 13 offices in the United States, Grand Cayman, Ireland, Poland, Bulgaria, Luxembourg, Philippines and Australia.

Job Description

The Cloud Information Security Engineer is responsible for the development, implementation, and operations of a comprehensive, enterprise-wide information security strategy and program for HedgeServ, focusing on our cloud environments. They create security policies, standards, and procedures. They utilize a risk-based methodology to anticipate threats and identify potential impact and serve as HedgeServ’s representative regarding cloud security strategy and execution of HedgeServ’s cloud security roadmap. The Engineer has duties that include, but are not limited to:

• Cloud-first and Cloud-native approach to security, with a deep understanding of best practices
• Develops and implements a risk management program for security and privacy-related areas, which includes modeling threats, identifying risks and vulnerabilities, establishing a risk analysis and mitigation plan, and reporting to executive management on both a regular and event-driven basis
• Provides strategic and tactical security guidance for programs and projects that may involve security controls, including the evaluation of the enterprise architecture, hardware, software, and technical controls
• Works proactively with the IT Leadership team and their direct reports to assure strategic plans, security programs, and technical controls are aligned with their respective business strategies and in compliance with policies, applicable laws, and regulations
• Coordinates the use of external third-party resources involved in the development, implementation, and monitoring of the Cloud Information Security program, including performing penetration tests.
• Establishes a metrics-driven dashboard to evaluate the effectiveness of the Cloud Information Security program.
• Serves as a key thought leader in the field of Cloud Information Security, which includes working with key partners and vendors to develop thought leadership around policies, processes, and capabilities that can help change or enhance the Cloud Security Strategy at HedgeServ
• Keeps informed of new technologies or application methodologies through publications, membership in professional organizations, and contact with other IT organizations and institutions.
• Participate in the design and day-to-day administration of security systems that reflect state-of-the-art security best practices and compliance, ensuring a focus on balancing security effectiveness without introducing material operational friction – strong focus on DevOps and team enablement

Pre-requisite knowledge, skills, and experience:

• 5+ years of experience in the information technology field or similar
• 5+ years of experience with multiple cloud environments, including (but not limited to) AWS
• Excellent interpersonal and written communication skills
• Experience with projecting and controlling Cloud spend
• Detail-oriented and strong documentation experience

Technical Responsibilities/Qualifications:

• Securing communications, applications, and business systems
• Performance of cloud risk assessments
• Oversee drafting of policies and procedures for secure daily cloud operations Planning, testing, and managing disaster recovery and security breaches Understanding of governance and compliance, as well as the ability to enforce policies
• Incident management and investigation Understanding of threat landscape and ability to analyze risk across a dispersed portfolio
• Familiarity with Cyber Security frameworks, including NIST and ISO Security Architecture/Engineering
• Experience implementing security frameworks such as ISO, NIST, SANS top 20, and OWASP
• Forward thinking, proactive approach to security Self-starter, resolution-minded, outside the box thinker and doer
• Must have a sense of urgency and the ability to shift priorities as needed

Below certifications are preferable:

• Certified Information Security Systems Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• AWS Certified Security – Specialty (CSC-C02)