IT and Security

Info

Provide best in class internal IT and Security services which enable and secure our business.

The purpose of the IT and Security team is to provide best in class internal IT and Security services which enable and secure the business. We do so by supporting and improving organizational efficiency, effectivity, and productivity; whilst maintaining a strong security posture, both internal and external. To do so, we own and manage our internal tools, systems, and overall IT and Security operations.

Being part of the IT and Security team means, we respond to any security and IT incidents, and proactively mitigates current or future threats, risks, and blockers to our systems and resources, and ultimately also that of our clients. We are responsible for ensuring amazee.io’s IT Security governance, compliance and certifications, as well as ensuring the integrity of our data and privacy of information.

Our work is essential to our services and reputation. Therefore, an effective IT and Security team is central to our survival as a business.

Responsibilities

• User Lifecycle Management and Identity and Access Management for all tools used by amazee.io
• Develop or procure, manage & maintain tools required by the amazee.io IT and Security team
• Coordinates IT and Security topics with all amazee.io teams, and handles requests resulting there of
• Writes and maintains IT Security policy and compliance documents and maintains the IT Security complicance database
• Drives IT Security certifications (getting certification projects up and running, coordination with external audit partners and other involved internal teams, recertification planning)
• Ensure high security awareness of employees through the use of awareness campaigns and training
• Maintain a strong security posture of amazee.io by monitoring the security status of Platform & Lagoon (Security Engineers only)
• Coordinate and collaborate with customer & community security teams during security incident & security audits (Security Engineers only)
• Lead investigations during security incidents and coordinate with all required internal and external parties (Security Engineers only)
• Monitor security bulletins of open source and governments and react accordingly (Security Engineers only)
• Maintains Risk Register for amazee.io and Lagoon (Security Engineers only)
• Supports Sales team by responding to security questions from potential customers (Security Sales Engineer only)

Non-Responsibilities

• No amazee.io customer contact for IT Operations roles
• Manage, maintain and monitor platforms needed for internal IT and Security operations
• Fix security issues on Platform or customer owned resources
• Research of business cases for requests
• The content of policies and compliance documents owned by other Workstreams
• Implement changes in other workstreams due to certification needs

Roles

• (CISO
• Application Security Engineer
• Security & Compliance Engineer

---