IBM - New York, NY
posted 2 days ago
About the position
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk. IBM Technology Zone operates a global Hybrid Cloud infrastructure inclusive of IBM Cloud, AWS, Azure, Power, Z, VMWare, and KVM. The Security Consultant intern is to work with the Security & Compliance lead to ensure scalable security architectures across these platforms and compliance commitments are reflected in the corresponding roadmaps. Additionally, compliance risks and audit findings are completed within the planned timeframes, and identified compliance issues are properly risk assessed with an action plan to close.
Responsibilities
- Review, document, and iterate on cloud security models to ensure scalable and secure access to our Hybrid Cloud infrastructure.
- Collaborate with infrastructure architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements.
- Conduct regularly reviews on compliance progression of systems and hosting internal and third-party audits as required in order to maintain certifications and compliance certificates.
- Work with the Development teams to ensure automation of evidence collection and evidence management is in line with compliance expectations at all times.
Requirements
- Pursuing bachelor's degree in computer science or information technology (CIS/MIS).
- Experience with DevOps concepts, tooling and software development.
- Knowledge of ITSS or ISEC security policies.
- Knowledge of IBM Security Tooling (e.g., AccessHub, IBM Inventory, MAD, Crowdstrike, Cognos Reporting)
- Knowledge of Industry Security & Privacy Regulations (e.g., ISO, SOC2, HIPAA, PCI, FFIEC, GDPR)
Nice-to-haves
- Experience working with application and cloud SMEs to document security models.
- Experience with public cloud security models, i.e., access policies, resource groups, IAM, LDAP, etc.
- Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, GDPR, SOC 2, PCI, NIST, ISO, or ITAR.
- Experience in risk assessment processes, service delivery operations, and software development.
