Cloud Security/Compliance Officer

Location: Warsaw, PL

Why this role is important to us

Did you know that SimCorp was founded more than 50 years ago? Today SimCorp is a Software-as-a-Service (SaaS) company, and we need you onboard, as the growth of new SaaS services comes with an increased need for security and compliance!

Your primary responsibility will be to orchestrate the modernization of compliance in SimCorp and ensure the rest of the company understands that security and compliance work can be a fun and engaging engineering challenge. You will join the SaaS Innovation team consisting of almost 100 employees, distributed across various locations and time zones.

In the SaaS Innovation team, we currently face the following key responsibilities:

  • Identity and Access Management (IAM)

  • Data Loss/Leak Prevention (DLP)

  • Security Operations Center (SOC)

Our hope is that you will take on at least one of these challenges and implement it across the whole organization.

Additionally, you will help develop our future roadmap for continuous compliance with our SaaS services. We envision that this will be based on compliance checks-as-code, perhaps OSCAL, embedded into our cloud DevOps pipelines, but whether this is the best approach is still an open question.

Your daily work could include:

  • Act as subject matter expert and support our business and operations teams in all aspects of cloud security and help grow our security culture

  • Help drive process alignment between different SaaS product lines

  • Create and maintain cloud-specific security & compliance policies in partnership with key stakeholders (CISO office, external auditors, architecture leadership, and SaaS product lines)

  • Guide, explain motivations, and review implementation of security & compliance policies, standards, and procedures within our SaaS product lines

  • Collect security requirements based on market and compliance needs in collaboration with business owners, subject matter experts, Site Reliability / DevOps engineers, and external stakeholders

  • Facilitate execution of threat modeling, security review, and penetration testing for new and existing services built by the SaaS product lines

  • Perform gap analysis and select best-fit controls to improve and refine our implementation of end-to-end SOC2 compliance 

  • Update and refine roadmaps, epics, and features

You will be great for this position if you have experience with some of these:

  • Configuration as Code 

  • Security standards/frameworks, e.g., NIST, CIS, CSA Cloud Control Matrix (CCM), OWASP 

  • Compliance frameworks, e.g., SOC2 or ISO27001/2

  • SIEM tools, preferably Azure Sentinel

  • Threat modeling and penetration testing

  • Zero-Trust architectures and Zero-Trust eXtended

  • Translating business requirements into technical solutions, or working with architecture runways or product management/ownership

  • Professional security architecture experience in cloud services (e.g., Microsoft Azure, knowledge of security compliance and information rights management)


  • Flexible working hours – possibility to work from home

  • Private medical care (Medicover) and life insurance

  • Sharing the costs of sports activities (Multisport Card)

  • Possibility to develop your career in an international environment

  • Professional training and courses

  • Language classes

  • Integration events and charity projects

About us: 

SimCorp is a provider of investment management solutions to the world's largest asset managers, fund managers, asset servicers, pension and insurance funds, wealth managers, banks and sovereign wealth funds. 

We celebrate multiple approaches and points of view; together we're building a culture where difference is valued. You will be part of a company that continues to grow, offering a lot of interesting opportunities.

Visit our career pages to learn why other people choose to work at SimCorp.