Cloud Controls Analyst

we are seeking a Cloud Controls Analyst to become a MassMutual Romania team member. This is a great opportunity to be a part of the transformational journey at MassMutual Romania. As we continue to grow our business and look for new ways to engage with customers, technology will be one of the most important enablers to our success and you can be a part of it.

The Opportunity

Do you want to be part of a team that encourages your growth, supports your ambitions and makes it a priority for you to reach your goals? Is helping people part of who you are? At MassMutual Romania, we help millions of people find financial freedom, offer financial protection and plan for the future. We do this by building trust with our customers by being knowledgeable problem solvers and prioritize their needs above all else. We Live Mutual.

If this sounds like a fit, we’re looking to hire a Cloud Controls Analyst to join our team.

Job Description

The Cloud Controls Analyst will work from our Bucharest / Cluj office while collaborating with the Global MassMutual teams and provide support in the Security area. The person who will join this role will report to a local manager based in Bucharest.

Responsibilities

• Contribute to the development and maintenance of MassMutual Cloud controls framework.
• Provide AWS, Azure subject matter expertise, in the development of MassMutual controls and test procedures for effectiveness testing.
• Act as a controls subject matter expert in automating cloud controls in Cloud posture management platforms.
• Plan, execute and report on assessments of MassMutual cloud infrastructure against the MassMutual controls framework.
• Prepare management reporting on assessment results and potential risks.
• Provide feedback for risk treatment planning and remediation progress for gaps identified during the assessments, monitor and report on remediation progress.
• Develop training and awareness materials and collaborate with other teams on the development of cloud controls.

Requirements

• 3 – 5 years in information security & cloud security experience
• One or more Cloud technology and security certifications for Amazon Web Services (AWS), Azure, CCSK, CISSP, CCSP, CISA
• Foundational understanding of industry leading practices and standards on information technology and cloud security, including NIST 800-53, CIS and Cloud Controls Matrix (CCM) frameworks
• Proven experience of cloud security governance within AWS and Azure environments including use of cloud security tools, cloud automation, infrastructure as code (terraform) and policy as code.
• Proven experience with ServiceNow and Governance, Risk, and Compliance (GRC) platforms
• Strong experience planning, executing, managing, and reporting skills.
• Strong written and verbal communication skills
• Proficient in English language

Nice to have

• Experience in the following Cloud Security domains:
• IAM (Least privilege roles and policies)
• Encryption, keys, and secrets management in cloud
• Network Security (Security groups, NACL)
• Security Logging and Monitoring
• Good understanding of AWS, Azure native and third-party security tools
• KMS, Secrets Manager
• CloudTrail, CloudWatch, Azure Defender
• Third party security tools – CrowdStrike
• Posture Management tools – Palo Alto Prisma, Wiz etc.