Rackspace Technology is a leading provider of expertise and managed services across all the major public and private cloud technologies. We’ve evolved Fanatical Support to encompass the entire customer journey — providing Fanatical Experience™ from first consultation to daily operations. Our passionate experts combine the power of proactive, always-on service and expertise with best-in-class tools and automation to deliver technology when and how our customers need it.

The Security Risk & Compliance Management Advisor provides protection to Rackspace and its customers' critical data assets from vulnerabilities and security threats. As part of a high-performing global security team, you will work with and support all aspects of security, risk, compliance, and data protection across the organization.
Core Duties
- Lead on all requirements of relevant service accreditations and customer compliance requirements.
- Carry out regular technical audits, testing and technical configuration reviews of customer Platforms.
- Deliver quality security accreditation and certification documents required by customers.
- Security support to the service/project teams. Providing a deep level of security support and knowledge to customer facing teams.
- Facilitate/attend customer security meetings and workshops, helping customers to make efficient risk-based decisions. Owning outputs and actions ensuring they are completed in a timely manner.
- Ensure all staff working on customers' workloads have appropriate security screening and are aware of customer security policies and requirements.
- Support customer security incident root cause analysis. Support the investigation of any security incidents, carry out a full investigation and make detailed recommendations to the business.
- Security operations and management. Ensure customers are able to protect themselves from a malicious incident by ensuring they have effective awareness of the security services and their benefits.
- Carry out vulnerability scans, analyze findings and write customer-facing reports.
- Carry out internal audits for compliance purposes.
- Threat awareness and reporting on vulnerabilities facing Rackspace customers. Write detailed advisories on the threat and recommend options to mitigate.
- Support the detection, investigation, response and recovery from incidents and system changes within Rackspace.
- Leading on authorising, planning, and reviewing external vulnerability scans and penetration tests; then creating pragmatic plans and workloads for rectification.
- Providing security governance, guidance, and training to all parts of the business.
- Impacts the achievement of customer and has ability to communicate difficult and complex concepts.
- Operational service security oversight.
- Develop account SyOPs (Security Operating Procedures) if customer security requirements are outside Rackspace normal service processes.
- Develop monthly security service reporting if appropriate (patching compliance, anti-malware reporting).
- Point of Contact (POC) for review of Rackspace driven changes to assess potential impact to customer security model.
- POC for customer Head of Information Security and/or CISO during Rackspace security incident management processes.
- POC for customer Head of Information Security and/or CISO to manage service security issues or additional requirements.
- Management of account security risk items, including reporting on security risks to the customer head of information security and/or CISO and reviewing customer security risk register as applicable to Rackspace.
- Liaise with customers on security updates and patching to ensure compliance to customer security requirements.
- Operational service compliance.
- Review customer compliance requirements, including regulatory standards.
- Develop compliance guidance to include in SyOPs to ensure Rackspace service delivery teams meet customer compliance needs.
- POC for all customer operational compliance questions/requirements.
- Management of annual customer compliance assessments/audits, including management and reporting of associated Remediation Action Plan (RAP).
- Review regulatory guidance and/or new legislation to identify potential impacts to Rackspace service delivery teams.
- Point of Contact for FSQS: Hellios. Ensure we are leveraging it to the full extent, that updates are made on time and that they meet the needs of customers. Be a promoter/educator of FSQS to encourage customers to join.
- Support audit requirements, questionnaires, and ongoing customer compliance requests.
- Support directives under the EBA Guidelines on outsourcing arrangements (European Banking Authority, europa.eu).
- Support with compliance queries and requirements in relation to DORA: the Digital Operational Resilience Act, Regulation (EU) 2022/2554 (digital-operational-resilience-act.com).
- Support with compliance queries and requirements in relation to NCSC Cyber Assurance Framework (CAF), for customers designated as working within the UK Critical National Infrastructure (CNI).
- Facilitating responses with teams across the business (supply chain, legal, compliance, HR, delivery teams) in relation to our processes and procedures and compliance to specific requirements, etc.
- POC for educating and supporting the GCS team and customers on what is available and a differentiator across Infosec (ISO/SOC/Pen Testing Vulnerability/Patch Management), Business Continuity, Architecture, FSQS, Subcontracting / 3rd party management.