Introduction
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.

Your Role and Responsibilities

As a 'Security & Compliance Project Manager', you will work alongside experienced professionals towards a common goal of delivering high-quality and secure products to our clients. You will proactively seek for improvement opportunities and will focus on innovation that matters; by learning new technologies and methods that can positively impact the product roadmap. This role also requires after hours paging for high-severity events related to all of the team's secure release requirements.

• You will be part of a strong, agile, and culture-driven development team responsible for building the Supply Chain Product for tomorrow.
• Organization,excellent communication skills, security related experience (preferred)
• The 'Security & Compliance Project Manager' should continuously consider the attack vectors and security weaknesses within their area or product offering and provide solutions to remediate those weaknesses. The person should be able to articulate and communicate to leadership team about the security posture of represented products/services. This overarching responsibility drives the requirement for the person to be proficient in the required skills listed below.
• Well Organized : Ability to work independently across multiple component teams, synthesize data into clear presentations to be shared with all stake holders
• Collaborative: Must collaborate with architects, developers, and non-technical stakeholders to drive security solutions.
• Respected: Proven track record in similar roles in industry. You will be expected to establish trust and respect with the development teams.
• Technical: Good grasp of computer science and technical understanding of micro-services architecture, SaaS, Cloud Security and Infrastructure.
• Growth Mindset: The world of security is highly dynamic and IBM is a company that thrives on innovation. Our Security and Compliance professional must possess a growth mindset to keep up with the ever-changing security landscape and seek opportunities to increase their breadth and depth of security topics."

• Total experience of 12+ years.
• 5+ years of working experience with software product development (preferably SaaS) organizations.
• 3+ years of working experience in a leadership or PM position, having worked acorss multiple teams, geographies and preferably in compliance related roles.
• Domain expertise in cloud software and infrastructure technologies.
• Very good knowledge and understanding in penetration testing methodologies and exploits (web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies).
• Ability to communicate highly technical aspects to Executives, IT staffs, CISO team, auditors, respectively.
• Demonstrated experience in successful driving and execution of compliance programs for common IT security standards/regulations: SOC1/2/3, ISO27K, HIPAA, PCI, FBA (formerly FFIEC), FedRAMP, GDPR, etc.
• Experience with and understanding of -
• Access Management - understand the concepts of need to know, least privilege, individual accountability, privilege access monitoring, access revalidation, etc. and ensure your service implements them. Know to avoid the use of shared IDs, excessive privileges, weak passwords, etc.
• Vulnerability Management - be able to regularly scan your systems and remediate any vulnerabilities found within required time frames
• Data Protection - understand the types of data your services deal with and have measures in place to protect that data (e.g. encryption in transit and at rest, locked down file permissions, etc.)
• Configuration Management - understand how to securely harden a system or application upon deployment
• Health Checking - know how to check that a system/application is configured correctly on an ongoing regular basis and remediate any issues within required time frames
• Logging & Monitoring - ensure there is a process in place to store key logs with data integrity in place to protect those logs and have a process in place to independently monitor those logs for any unusual activity
• Change Management - understand and follow the discipline of change management to ensure that changes to systems, applications and environments are properly planned and vetted to avoid disruption to their service
• Business Continuity - understand what business continuity requirements are necessary in your organization and actively participate in ongoing business continuity planning
• Risk Management - understand where there are gaps in compliance or areas of risk that need to be analyzed and addressed either by remediation activities or formal Risk Evaluations to ensure mitigation, executive awareness, and approval
• Audits - be prepared to support audits by providing evidence or being interviewed as required
• Common Attack Patterns - know what the common attack vectors facing the industry (e.g. CWE 25 or OWASP Top 10), be able to describe an attack, give a generic example of the payload"

• Good To Have - Certifications / Credentials - CISSP (preferred), CCNP/CCIE (preferred), CCSP, CISA/CRISC/CISM."