AWS Assurance Specialist

Job Description

Interested in joining a team that is pivotal in protecting consumers and UK financial markets against cyber-crimeThe Cyber and Information Resilience Team is a department that has been formed to respond to the growing threat from cyber security and the organisations increasing reliance on the data in order to effectively regulate of the financial sector and ensure thatrelevant markets function well. The team brings together the disciplines of cyber and information security, information management and privacy.The Assurance teams prime objectives are:

• Assuring services to ensure our systems, infrastructure, suppliers and business processes are compliant with our polices and the FCAs risk appetite.
• Validate operational decisions are made in accordance with our security policies and standards and do not increase the overall risk exposure of the FCA.
• Analyse compliance with the fundamental processes and plans required to manage risk and safeguard our most important assets.
• Determine correct measures of governance and controls are in place to validate identified cyber risks and vulnerabilities are prioritised and remediated based on agreed C&IR SLAs

What does the role involve

• Building the cloud assurance regime, within our cloud environments
• Participate as a member of the Cyber Assurance Team as an AWS subject matter expert
• Monitoring compliance with cyber policies, standards and frameworks, in particularly NIST 800, OWASP and MITRE.
• Development of cloud security procedures and controls for the assurance team across the operating environment
• Manages and maintains AWS security governance policies, including custom IAM policies, security groups, NACLs, and S3 bucket policies
• Monitors and assists with the implementation of AWS in-house and COTS security capabilities
• Conducts and automate cyber security audits of AWS accounts and resources
• Documents and delivers enhancements to FCAs AWS environment at the direction of FCAs cloud architects and engineers

What you will get from the role:

• You will have the experience of acting as a mentor to a multi-disciplinary team that is strategically important to the mission of the FCA.
• Ability to influence the strategic direction of cyber security and information resilience in the cloud at the FCA
• Acting as the key AWS SME across multiple divisions for AWS compliance and assurance

Skills/Experience Required Minimum Were a signatory to the Governments Disability Confident scheme. This means that we will offer an interview to disabled candidates entering under the scheme, should they meet the minimum criteria for a role. A minimum criterion needs to be measurablefrom reviewing a candidates CV. Exceptions may apply if due to the volume of applications we are not able to interview all eligible candidates who qualify under the scheme.

• Proven experience of leading security or information cloud assurance initiatives and operating AWS Information Security/Assurance Frameworks and Services.
• Have experience in performing technical assessments and audits of network, operating systems, application security, as well as auditing IT processes
• Understanding of cloud computing services/deployment architecture.

Essential

• Substantial experience in the AWS security assessment and information assurance space
• Understanding of computer science fundamentals and high-level design.
• Experience supporting information security control audits (e.g. NIST 800-53, ISO 27017/27018, PCI DSS, SOC)
• Experience in AWS tooling for generating automated metrics to measure IT security effectiveness and consistency.
• Strong hands-on involvement in the delivery and execution of more than one of the areas listed in the job description key responsibilities
• Ability to plan strategically, arrange and consolidate resources in order to deliver cloud assurance services to achieve CIR assurance objectives

Desirable

• Professional IT Accreditations (CISM, CISA, CISSP, CEH, M Inst ISP).
• Experience in IT program or project management, IT auditing, and/or control framework development and implementation is also a plus.
• Analytical, thorough and methodical.

About the FCA The FCA is currently trialling a new hybrid way of working, requiring colleagues to spend 40% of their time in the office each month until the end of July. This trial period will allow us to identify the most appropriate balance of hybrid working, enablingus to benefit from the best of both working in an office environment and remotely.The base salary range for this role is up to £77,000 (National) per annum, plus an additional flexible allowance.Core benefits that you will receive as standard are:

• 25 days holiday per year
• Private medical for yourself
• Pension contributions of at least 8% of basic salary each month (there are several contribution levels that increase depending on your age - up to 12% a month once you reach age 35).
• Life assurance of eight times your basic salary
• Income protection