CGG (www.cgg.com) is a global geoscience technology leader. Employing around 3,700 people worldwide, CGG provides a comprehensive range of data, products, services and solutions that support our clients to achieve their business and transition goals. We combine human ingenuity and new technology to understand and solve the world’s natural resource, environmental and infrastructure challenges. Our unique perspective uncovers new ways for our clients to be more efficient and responsible, for a more sustainable future.

Our Geology & Engineering experts provide valuable insight for natural resource exploration and development and support our clients’ geothermal, CCUS and environmental Energy Transition programs.

CGG is seeking a cloud security architect to join its Information Security team reporting to the Chief Information Security Officer. The team has a global remit with a focus on risk management, and the responsibility of providing assurance to our executive leadership, board, customers and other stakeholders that we are ‘secure enough’.

As CGG develops its cloud offering to its customers we have a need for someone to join the Information Security team to provide advice, oversight and guidance on the tools, technologies and controls needed to maintain a strong security posture. A significant part of this is ensuring that we have adequate levels of visibility into our deployments to provide effective alerting and auditing.

This is not a dedicated ‘hands-on’ role as the majority of tools will be managed by the operational teams but some time in the management consoles will be necessary so the successful candidate must be comfortable in these environments.

This role would suit someone with solid cloud IaaS knowledge gained through hands-on experience who is looking to move towards the bigger picture realm of risk management.

Principle Accountabilities

• Act as a subject matter expert for cloud security technology and architecture and provide relevant guidance to the CISO and wider InfoSec community.
• Develop and maintain strong, trust-based relationships with technology leaders across the company.
• Provide cloud security advice and guidance to the various technology teams within the group.
• Add value to the information security community and the wider organization by identifying opportunities to enhance our security posture and taking ownership of the deployment if necessary.

• Identify and assess current and emerging information security threats and provide recommendations on appropriate controls and mitigation strategies.
• Guide the implementation and ongoing management of cloud security controls and features within IT systems.
• Ensuring effective monitoring of the cloud security environment; identifying gaps in visibility; evaluating and implementing enhancements.
• Develop a vulnerability testing program for cloud deployments ensuring that vulnerabilities are identified in a timely manner.
• Perform security analyses of cloud architectures prior to deployment and identify opportunities to reduce any inherent risk.
• Produce necessary documentation following existing processes and identify potential enhancements.
• Actively participate in incident response activities.

Person Spec

• Good written and presentation skills
• Ability to focus on technical detail, as well as appreciate the wider environment and ecosystem
• Experience working directly with technology teams to develop effective solutions
• Good interpersonal communication skills in a multi-cultural environment
• Have a ‘business enabler’ mindset focussing on how to achieve the desired outcomes without sacrificing security
• Ability to think strategically, identifying incremental steps to reach an end goal

• Broad and strong IT knowledge across multiple areas gained through at least 3 years of hands-on experience in IaaS deployments using a global cloud provider
• Knowledge of – and ideally experience in - the processes involved in gaining and retaining SOC-2 certification.
• Good understanding of the principles of information security (CIA, Critical Assets, threats, vulnerabilities, exposure, risk, controls etc.)
• Good understanding and appreciation of the ‘building blocks’ needed for a strong cloud security posture and the interaction between them.
• Good understanding of IT security technologies and appreciation of where and how they fit into global architectures
• Experience of the vulnerability management process and analysis, interpretation, and prioritization of the results

We recognise the importance of work life balance for our employees, which is supported through our flexible working and relaxed dress code policies.

We recognise and actively support the wellbeing of our staff through many different initiatives;

• Promoting active lifestyles
• Regular social club events, spontaneous reward events throughout the year
• Many discounts schemes, including Gym membership and a cycle purchase scheme

We encourage and actively support a strong sense of community, through volunteering and various company initiatives, as well as a strong company commitment to protecting our environment through sustainable solutions, energy saving and waste reduction enterprises.

We see things differently. Diversity fuels our innovation, we value the unique ways in which we differ, and we are committed to equal employment opportunities for all professionals.