Program Manager - Security Audit and Cloud Compliance

What success looks like in this role:

Key Responsibilities:

Manage Security Audits – 70%

• Manage internal security audit program based on requirements from International Standards such as ISO, NIST, PCI, SSAE 18 etc.

• Prepare, review and maintain annual security audit plan.

• Schedule and plan audits, perform audit work, including plan preparation, field notes, document findings and confirm completion of associated remediation actions.

• Perform Audits based on criteria defined in ISO, NIST, SSAE18 SOC1/SOC2, SOX, PCI-DSS etc.

• Perform Technical audits for various domains of Security – Few examples include Vulnerability and Patch management, Identity and Access Management, Application Development, DevSecOps, Crisis Management and BC/DR.

• Work with GIS teams to identify scope of infrastructure and applications services to be covered by technical audits.

• Plan, schedule and conduct technical audits.

• Prepare status reports and review with stakeholders on a regular basis

Cloud Compliance – 30%

• Establish and maintain Cloud Compliance program to determine compliance to Unisys Cloud Security policies and industry frameworks like CIS Benchmarks, NIST etc.

• Work with GIS Cloud security teams to define and implement cloud security controls.

• Conduct regular compliance review and support implementation of remediation actions

• Review compliance status with GIS and CIT leadership on a regular basis.

• Drive continuous improvement and leverage automation to improve effectiveness and efficiency of cloud security program.

• Continuously monitor the external environment for new technology/tools/platform and provide recommendations to enhance the cloud security program.

• Conduct Cloud User access reviews, track remediation and report results.

#LI-SP2

You will be successful in this role if you have:

Knowledge and Qualifications:

• Bachelors/ Master’s Degree in Engineering in Computer Science.

• Must have an overall experience of 12-15 years with atleast 5 years technical experience working on infrastructure or application systems.

• Must have a minimum of 5-8 years relevant experience in internal security audits based on the Industry standards.

• Must have done technical audits. Should have had and minimum of 2 years experience in Cloud compliance and governance.

• Must have CISA certification and CCSP or equivalent. CISSP certification would be preferable.

• Must have working knowledge of ITGC and SSAE18 SOC1/SOC2. Working knowledge of SOX, PCI-DSS, NIST 800=53, CIS Benchmarks would be preferable.

• Must have working knowledge on atleast one CSP – Azure, AWS or GCP. Security-related certifications like AZ 500 would be preferable.

• Excellent oral, written and presentation skills.

• Excellent interpersonal and teamwork capabilities.

• Ability to indirectly manage by influencing larger groups.

• Ability to work individually but also to collaborate in a virtual team, with vendors and clients.

• Good change management and project management skills.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at GlobalRecruiting@unisys.com or alternatively Toll Free: 888-560-1782 (Prompt 4).  US job seekers can find more information about Unisys’  EEO commitment here.