Cloud Security Engineer

What You'll DoIn today’s dynamic digital environment, security is everyone’s job. At Cisco, the Security and Trust Organization is at the core of making infrastructure more secure. Your involvement in this strategic and driven team will enable you to collaborate on Cisco’s major objectives - to be the Number 1 Trusted Business partner to our customers. The STO reports to Cisco’s Chief Security and Trust Officer and owns the innovation, training, and implementation of security and trust features and processes across all of Cisco’s products.You'll work with a team of control auditors who will provide strategy and execution support for global certifications' audits like SOC2, ISO, PCI, HIPAA, IRAP, C5 and others. The audit support activities will include, but are not limited to, defining the control objectives, advising various engineering organizations as compliance SMEs, performing gap assessments, performing internal readiness assessments, and collaborating closely with external auditors. Primary Responsibilities:

Work with a team of compliance engineers passionate about the strategic development of Common Controls and execution of controls internal readiness

Work on the design, governance, and maintenance of Common Controls and associated implementation strategy

Partner with various BUs to support the appropriate adoption and on-boarding of Common Controls

Support the development of the ISMS, risk assessment strategy, security policies, and standards for the certifications

Liaison with external auditors and other internal teams to support certification audits

Be the authority of relevant Security Compliance frameworks and provide mentorship to teams accordingly

Who You'll Work WithThe Global Cloud Compliance (GCC) group within the STO is responsible to drive all Compliance certifications across Cisco. The team enables and protects global Cloud sales for our Commercial customers, US Government and Federal agencies, as well as many international standards bodies. This team works with Sales and Business Unit partners to ensure accurate security and trust features and functionality are included in new offer releases.Who You Are This Information Security Engineer role will support the compliance strategy implementation across Cisco Cloud by developing, governing, and evolving common controls to achieve various security certifications like AICPA SOC2, ISO, PCI, FedRAMP, and others. The ideal candidate is proficient in compliance and has no issues with "rolling up" their sleeves to dig into the details of the various control frameworks; understanding Cisco Clouds current set up around people, process, and technology; and then crafting the common controls along with an implementation strategy. You have a detailed understanding of risk management methodologies, frameworks, and principles (e.g., AICPA SOC2, FedRAMP, ISO, PCI, HIPAA, etc.) to evaluate and recommend the best approach to mitigating risk with outstanding controls. You possess knowledge of Core IT processes/ services such as SDLC, Identity/ User Access Management, Vulnerability Management, Backup and DR processes. Your superb communication skills at all levels of the organization and ability to prioritize and multi-task in a fast-changing environment set you apart from the pack and you thrive being a good team-player. Minimum Requirements:

College Degree - Bachelors/ master’s degree with a focus in Information Technology/ Computer Science or related field

3+ years of relevant experience in a security or compliance role

Practical experience with AWS and other cloud environments

Experience with security policies, standards, and controls definition

Relevant certifications like CISA, CISSP, CCSK and others will be a plus

Why Cisco? #WeAreCisco. We are all unique, but collectively we bring our talents to work as a team, to develop innovative technology and power a more inclusive, digital future for everyone. How do we do it? Well, for starters - with people like you!Nearly every internet connection around the world touches Cisco. We’re the Internet’s optimists. Our technology makes sure the data traveling at light speed across connections does so securely, yet it’s not what we make but what we make happen which marks us out. We’re helping those who work in the health service to connect with patients and each other; schools, colleges, and universities to teach in even the most challenging of times. We’re helping businesses of all shapes and sizes to connect with their employees and customers in new ways, providing people with access to the digital skills they need and connecting the most remote parts of the world - whether through 5G, or otherwise.We tackle whatever challenges come our way. We have each other’s backs, we recognize our accomplishments, and we grow together. We celebrate and support one another - from big and small things in life to big career moments. And giving back is in our DNA (we get 10 days off each year to do just that).We know that powering an inclusive future starts with us. Because without diversity and a dedication to equality, there is no moving forward. Our 30 Inclusive Communities, that bring people together around commonalities or passions, are leading the way. Together we’re committed to learning, listening, caring for our communities, whilst supporting the most vulnerable with a collective effort to make this world a better place either with technology, or through our actions. So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us! #WeAreCisco #STO24Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.