Why this role is important to us
Did you know that SimCorp was founded more than 50 years ago? Today SimCorp is a Software-as-a-Service (SaaS) company, and we need you onboard, as the growth of new SaaS services comes with an increased need for security and compliance!
Your primary responsibility will be to orchestrate the modernization of compliance in SimCorp and ensure the rest of the company understands that security and compliance work can be a fun and engaging engineering challenge. You will join the SaaS innovation team consisting of almost 100 employees, distributed across various locations and time zones.
In the SaaS Innovation team, we currently face the following key responsibilities:
Identity and Access Management (IAM)
Data Loss/Leak Prevention (DLP)
Security Operations Center (SOC)
Our hope is that you will take on at least one of these challenges and implement it across the whole organization.
Additionally, you will help develop our future roadmap for continuous compliance with our SaaS services. We envision that this will be based on compliance checks-as-code, perhaps OSCAL, embedded into our cloud DevOps pipelines, but whether this is the best approach is still an open question.
Your daily work could include:
Act as subject matter expert and support our business and operations teams in all aspects of cloud security and help grow our security culture
Help drive process alignment between different SaaS product lines
Create and maintain cloud-specific security & compliance policies in partnership with key stakeholders (CISO office, external auditors, architecture leadership, and SaaS product lines)
Guide, explain motivations, and review implementation of security & compliance policies, standards, and procedures within our SaaS product lines
Collect security requirements based on market and compliance needs in collaboration with business owners, subject matter experts, Site Reliability / DevOps engineers, and external stakeholders
Facilitate execution of threat modeling, security review, and penetration testing for new and existing services built by the SaaS product lines
Perform gap analysis and select best-fit controls to improve and refine our implementation of end-to-end SOC2 compliance
Update and refine roadmaps, epics, and features
You will be great for this position if you have experience with some of these:
Configuration as Code
Security standards/frameworks, e.g., NIST, CIS, CSA Cloud Control Matrix (CCM), OWASP
Compliance frameworks, e.g., SOC2 or ISO27001/2
SIEM tools, preferably Azure Sentinel
Threat modeling and penetration testing
Zero-Trust architectures and Zero-Trust eXtended
Translating business requirements into technical solutions or working with architecture runways or product management/ownership
Professional security architecture experience in cloud services (e.g., Microsoft Azure, knowledge of security compliance and information rights management)
Flexible working hours – possibility to work from home
Private medical care (Medicover) and life insurance
Sharing the costs of sports activities (Multisport Card)
Possibility to develop your career in an international environment
Professional training and courses
Integration events and charity projects
SimCorp is a provider of investment management solutions to the world's largest asset managers, fund managers, asset servicers, pension and insurance funds, wealth managers, banks and sovereign wealth funds.
We celebrate multiple approaches and points of view; together we're building a culture where difference is valued. You will be part of a company that continues to grow, offering a lot of interesting opportunities.
Visit our career pages to learn why other people choose to work at SimCorp: www.simcorp.com/career