Cloud & IT Security Engineer

You are known for your complex problem-solving abilities and inventiveness, aiding in your ability to anticipate potential threats and design systems to preempt them. You lead with credibility and independence – empowering teams to meet business and IT security goals. You have rock solid integrity, confidentiality and cultivate an environment of trust. You are excited to play a critical role in designing, implementing, and maintaining security components of an organization’s cloud infrastructure and IT systems. You enjoy collaborating cross-functionally with teams to ensure the safety and integrity of data and delivering high-quality solutions. You have a passion for researching and learning innovative technologies and trends in cloud and IT engineering.

If this sounds like you, please read on!

The Cloud & IT Security Engineer will be responsible for architecting, building, migrating, and supporting enterprise applications and virtualized resources within Microsoft Azure and O365. The engineer should have proven experience and skills to design, implement, maintain, and administer solutions in Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) environments. Additionally, the engineer will be responsible for current state and future state documentation, and planning and execution of cloud solutions. Furthermore, the engineer in their security responsibilities will follow data security standards, make security recommendations, and implement security strategies resulting in risk reduction and safeguarding the organization’s protected health information and other confidential or sensitive information from security threats. Some duties will also pertain to security incident response and security awareness training for personnel.

• Assists in the design, implementation and support of cloud-based platforms and services, system monitoring and backup services to cloud-based solutions.
• Creates and continuously updates the cloud strategy roadmap and presents to leadership on a quarterly basis.
• Planning and migration of on-premises workloads to cloud-based infrastructure and services.
• Works with operations and development teams to optimize deployments and automate infrastructure and collaborate with internal stakeholders, cross-functional teams, third-party vendors, and consultants.
• Assists with the Risk Management program to conduct a continuous assessment of current IT security practices and systems and identifies areas for improvement.
• Assists with the third-party Vendor Risk Management Program. Assesses third party vendors, reviews contractual security language, and implements processes to hold vendors accountable after they experience security breaches.
• Supports and participates in legal/privacy contract negotiations with third-party vendors and completes registry and other risk assessments from third parties.
• Assists with the Governance, Risk and Compliance (GRC) tool to track and assess risks.
• Implementation of governance over identity and access management (IAM).
• Ensures proper security controls and infrastructure practices have been implemented on cloud platforms and services.
• Monitors, evaluates, and escalates all changes in cloud utilization that impact billing. Implements cloud budget dashboards for upper management team.
• Partners with vendors often to continuously optimize the environment for the best cloud and security performance.
• Implements IT solutions to minimize the risk of cyber-attacks. Participates in external audits and IT security risk assessments and provides recommendations to minimize threats. Maintains compliance with the latest HIPAA/HITECH, PCI, GDPR regulations and requirements by adhering to industry standard cyber-security frameworks. Tracks the latest IT security innovations and keeps abreast of cyber threats and security technologies. Communicates with key stakeholders about IT security threats.
• Leads incident response situations based on AAOS Incident Response Policies and Runbooks.
• Contributes to data security and privacy policies and procedures related to the proper handling and use of confidential information across the organization. Ensures that business processes incorporate the proper audit controls that demonstrate compliance with policy and regulations.
• Coordinates regular training and education of Academy staff on cyber hygiene and compliance-specific (e.g., HIPAA) materials to increase cybersecurity awareness and maintain compliance.
• Assists in vulnerability remediation efforts where required.

Exemplifies the following essential values of the Academy:

• Teamwork: Effective collaboration and team-focus to solve complex problems and drive innovation.
• Empowerment: The authority, information, and skills to make decisions and drive results.
• Accountability: Ownership of process and results that drive decisions and ensure implementation.
• Mindset of Growth/Continuous Learning: Focused on and invested in self and staff development to become more adaptable, making the Academy more agile, innovative, and sustainable.

Travel:

• Up to 10 days per year

Qualifications:

Required:

• Bachelor’s degree is required in computer science or similar field.
• A minimum of 5 years prior IT experience, at least 3 years of cloud-specific experience
• 3+ years’ direct administration experience with Microsoft Azure, Google Cloud, or AWS. Azure is preferred.
• Proven experience in cloud optimization strategies.
• Experience identifying, reporting on, and implementing cloud security strategies.
• Ability to develop and conduct cybersecurity plans and policies.
• Ability to develop, monitor, and report on cybersecurity awareness training of the workforce on cybersecurity standards, policies, and best practices.
• Must possess a strong working knowledge and understanding of business processes and the systems that support them.
• Must possess excellent analytical and planning skills.
• Must possess excellent written and verbal communication skills as well as demonstrated presentation, organizational, facilitation, and critical thinking skills.
• Ability to adapt to a fast-moving/heavy lift IT landscape and keep pace with latest thinking, threat modeling, and new security technologies.
• Excellent communication skills – providing verbal and written communication that is outstanding to leadership.
• Flexible and adaptable – capable of changing direction where required and showing flexibility to meet new demands.

Desired:

• Cybersecurity certification(s) or current pursuit of cybersecurity certification.
• Expertise in anti-virus, IDS/IPS, firewalls, SIEM, data loss prevention (DLP), file integrity monitoring, and content filtering software.
• Experience in security incident response and/or disaster recovery scenarios.
• Knowledge of risk assessment tools, technologies, and methods.

If this describes YOU, please apply by sharing the following:

-Clearly communicate why you are the ideal candidate for this role, providing specific examples and experiences as proof points.

-Resumes must be accompanied by a cover letter with salary expectations to be considered.

Please note:

• This position is based in Rosemont, Illinois and is open to applicants who are able to commute weekly to this office.
• Applicants must already be authorized to work in the United States on a full-time basis. We are unable to sponsor or take over sponsorship of work visas.

JOB CODE: 1000066