Ensure that infrastructure events and changes related to information security are timely reviewed- Quickly review infrastructure events that impact information security, like access to customer data, to be in line with internal policies;
- Quickly review infrastructure changes that impact information security, like a change in firewall rules or introduction of a new SaaS solution or open source component, to be in line with internal policies;
- Work with Security Engineers to automate reviews where possible.
Ensure that infrastructure security incidents are quickly contained- Quickly perform a first assessment on infrastructure security incidents, including reported vulnerabilities from several sources (IDS, WAF, vendors of third party dependencies, penetration tests), regarding their risk and derive next actions
Ensure that security aspects are well reflected in infrastructure risk assessments- Support security readiness assessments for new infrastructure services or after major changes;
- Support annual and ad-hoc risk assessment workshops with Infrastructure team members to identify and mitigate infrastructure related security risks for existing systems and during the design of new services;
- Monitor treatment of risks and support continuous improvement of the maturity of the infrastructure security program to reduce security related risks.
Ensure security awareness among Infrastructure engineers (SREs)- Maintain information security and data privacy training program and train infrastructure engineers on information security and data privacy with respect to their infrastructure engineers function
Rensible for successful internal and external security audits and due diligences- Coordinate pentests from infrastructure perspective;
- Perform internal infrastructure security audits;
- Support maintaining the documentation of the infrastructure security in our Control register and security assurance documents;
- Coordinate table-top exercises for infrastructure team, covering scenarios like disaster recovery, data breaches, or cyber attacks;
- Attend internal and external audits and due diligence activities to demonstrate evidences of current practices related to infrastructure security.