Key Responsibilities and Duties

• Participates in the collaboration with various stakeholders on the strategic vision for the enterprise leveraging cloud, managed solutions and traditional capabilities; make recommendations on new solutions and technologies.
• Supports the design and implementation of cutting edge cloud platform within the organization.
• Ensures cloud platform allows business applications to transform into scalable, elastic systems that can be created on demand.
• Assists with hardware and software infrastructure updates and improvements as needed and integration with the cloud infrastructure.
• Provides threat analysis consultation, when needed, across functional teams of the organization, both within the operating business unit and to information technology (IT) teams.
• Maintains technical knowledge of IT trends and emerging technologies to best inform cloud design, architecture and decision making processes.
• Communicates with management to provide updates and ensure integration of new system with existing operations to support the organization\'s cloud strategy.

Educational Requirements

• University (Degree) Preferred

Work Experience

• No Experience Required

Physical Requirements

• Physical Requirements: Sedentary Work

Career Level

5IC

Job Description

Please work with your HR and Compensation Business Partners to finalize ALL job descriptions.

TIAA Corporate Job Title: Associate    x 2 Roles

TIAA Functional Title : Cloud DevSecops Engineer

Business Area: GIS – Cloud Product Management

To be filed out by Compensation:

Job Code:

Job Tier: Associate

Job Family: Cloud Engineering

FLSA:  

Position Summary:  Describe below the primary purpose and function of this job

The Information Security Sr. Analyst will support the IT Risk Assessment program with streamlining and improving service delivery to TIAA’s IT Owners and to Cybersecurity overall. This will include evaluating technical design and controls against risk factors, applicable standards and regulatory requirements.

Key Duties & Responsibilities:  List up to 5 key duties and responsibilities, management responsibilities and time spent (if applicable)

Primary responsibilities will include but are not limited to:

• Provide daily, ongoing oversight of cloud security platform operations.
• Participate in designing and managing IT security strategy in various cloud platforms.
• Assist with projects involving cloud technologies and provide guidance on security engineering and architecture.
• Actively assess existing cloud implementations, identify security issues and implement fixes.
• Engineer and implement new cloud security tools to feed DevOps processes to ensure the solvency of the cloud compute resource.
• Actively assess existing cloud implementations, identify security issues and implement fixes.
• Develop security design and control implementation for container platforms including OpenShift, EKS, Kubernetes, Docker, etc.
• Provide engineering and implementation expertise for security tools such as PaloAlto Prisma Cloud, Tenable, Crowdstrike, F5-ASM, Akamai Kona, etc.
• Assist in integration, and rollout of Application Security tools into the CI/CD pipeline.
• Excellent command of DevSecOps organization practices, operations risk management processes, principles, Cloud securityl requirements, engineering threats and vulnerabilities

Management/Leadership Responsibility:  Is management of people a primary focus of the role?  If so, how many direct and indirect employees are managed?  Do any of them manage a function or process?

• NIL

Budget Responsibility: Does the position have responsibility for Revenue, Operating (expense) Budget, etc.?  If so, what is the scope?

•  NIL

Impact:

Nature of Impact - To what degree does this job affect the business (i.e., through interactions with customers, making decisions, defining or setting strategy, etc.)?

NIL

Area of Impact - What is the breadth of the impact that this job has, either positive or negative (i.e., affects own team, department, function, business unit, geography, entire business, etc.)?

 Business Unit

Problem Solving:  What is nature and complexity of the problems or decisions encountered? Are analytical skills needed?

• Yes – ability to troubleshoot application issues and engineering solutions. Level: Intermediate

Functional Knowledge:  What knowledge of concepts, process, principles or procedures is needed within discipline; SME?

• Experience with Information security concepts, IT Risk management principles/best practices, & assessment methodologies.

Business or Industry Expertise:  Describe the degree of knowledge and understanding required of TIAA’s business and industry, commercial environment and of competitor’s products and services.

Not Required

Interactions / Interpersonal Skills:  Describe the nature and level of interactions this job has with others, both internally and externally.  Explain any specific interpersonal skills necessary to successfully perform this role (i.e., negotiation skills, represents business at external events or to governmental bodies, etc. ).

• Ability to work effectively, as well as independently, in a team environment

Job Requirements And Qualifications:  Indicate the minimum and preferred education and experience for the job and any licenses and certifications required

Required Education:

BA/BS

(add “other” details here)

Preferred Education:

BA/BS

• Equivalent in computer science, management information systems or     equivalent discipline from an accredited college or university

Required Experience:

5-7 years

• Information Technology experience

Preferred Experience:

2-4 years

• Minimum 2 years’ of IT Security, IT Risk and/or policy compliance related experience

Skills and Abilities:

• Minimum 2 years’ Information Technology experience, including IT Security or Cloud related experience (laas, SaaS, PaaS)
• Minimum 2 years’ experience in DevOps tools.
• Working knowledge & understanding cloud technologies such as AWS, GCP or Microsoft Azure.
• Ability to execute in a very fast paced dynamic environment, manage deadlines actively while delivering accurate / error-free work
• Experience with Windows/Linux, scripting (python), automation (Ansible, Terraform) good to have
• Proficient of cloud computing technologies and current cloud trends.
• Working knowledge of third-party security tools that provide necessary control to secure the cloud environment.
• Positive attitude and a strong commitment to delivering quality work.

Required Licenses/Certifications:

Other

CISA or CRISC or CISSP or CEH