Job Information
Cisco Federal Cloud Engineer-Security in RTP, North Carolina
The successful applicant will be performing work on US Government classified environments, and therefore, must be a U.S. Person (i.e., U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil.
The Global Cloud Compliance (GCC) group within the STO is responsible to drive all compliance certifications across Cisco. The team enables and protects global cloud sales for our commercial customers, US Government and Federal agencies, as well as many international standards bodies. This team works with Sales and Business Unit partners to ensure accurate security and trust features and functionality are included in new offer releases.
What You'll Do
In today’s dynamic digital environment, security is everyone’s job. At Cisco, the Security and Trust Organization (STO) is at the core of making infrastructure more secure. Your involvement in this strategic and driven team will enable you to collaborate on Cisco’s major objectives - to be the number one trusted business partner to our customers. The STO reports to Cisco’s Chief Security and Trust Officer and owns the innovation, training, and implementation of security and trust features and processes across all of Cisco’s products.
You'll work with a team of control auditors who will provide strategy and execution support for global certifications' audits like SOC2, ISO, PCI, HIPAA, IRAP, C5 and others. The audit support activities will include, but are not limited to, defining the control objectives, advising various engineering organizations as compliance SMEs, performing gap assessments, performing internal readiness assessments, and collaborating closely with external auditors.
Primary Responsibilities:
Partner with a team of compliance engineers passionate about the strategic development of Common Controls and execution of controls internal readiness
Work on the design, governance, and maintenance of Common Controls and associated implementation strategy
Partner with various BUs to support the appropriate adoption and on-boarding of Common Controls
Support the development of the ISMS, risk assessment strategy, security policies, and standards for the certifications
Liaison with external auditors and other internal teams to support certification audits
Be the authority of relevant Security Compliance frameworks and provide mentorship to teams accordingly
Who You Are
This role will support the compliance strategy implementation across Cisco Cloud by developing, governing, and evolving common controls to achieve various security certifications like AICPA SOC2, ISO, PCI, FedRAMP, and others. The ideal candidate is proficient in compliance and has no issues with "rolling up" their sleeves to dig into the details of the various control frameworks; understanding Cisco Clouds current set up around people, process, and technology; and then crafting the common controls along with an implementation strategy.
You have a detailed understanding of risk management methodologies, frameworks, and principles (e.g., AICPA SOC2, FedRAMP, ISO, PCI, HIPAA, etc.) to evaluate and recommend the best approach to mitigating risk with outstanding controls. You possess knowledge of Core IT processes/ services such as SDLC, Identity/ User Access Management, Vulnerability Management, Backup and DR processes. Your superb interpersonal skills at all levels of the organization and ability to prioritize and multi-task in a constantly evolving environment set you apart from the pack and you love being a team-player.
Minimum requirements:
3+ years of experience in a security or compliance role.
Experience within an AWS and other cloud environments
Experience working on a team that uses a GIT workflow
Preferred requirements:
Bachelors/Master’s degree or equivalent experience with a focus in Information Technology/Computer Science or related field
Relevant certifications like CISA, CISSP, CCSK and others will be a plus
Experience with security policies, standards, and controls definition
Experience with Infrastructure as code
Experience with CI/CD pipelines
Why Cisco Secure
We're global, we're adaptable, we're diverse, and our security portfolio is as extensive as it is groundbreaking. Have you heard of Threat, Detection & Response, Zero Trust by Duo, Common Services Engineering, or Cloud & Network Security? Those are only a few of our product teams! The only thing we're missing is YOU.
Join an enterprise security leader with a start-up culture, committed to driving innovation and giving you the opportunity to make an impact. We #InnovateToWin and we know we're better together, that's why we're dedicated to inclusivity, collaboration, and diversity in everything we do.
We're proud to be the Best Small and Mid-Size Enterprises Security Solution Cisco Secure continues to grow and evolve year after year with 100% of Fortune 100 Companies using our products, and we're excited to see the new heights we'll reach with your passion for security, your customer focus, and your desire to change things up!
There are so many amazing reasons to join Cisco. Learn more [1] here!
#LI-LM1
#STO24
References
Visible links
- https://www.cisco.com/c/en/us/about/careers/we-are-cisco.html
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.