Summary:
We are seeking a Cloud Cybersecurity Compliance Engineer who will be responsible for identifying and prioritizing cloud related risks enterprise-wide, executing comprehensive risk assessments, and controlling gap analyses in line with established information security policies and widely recognized risk management frameworks applicable to a range of public cloud environments. Also, you must be responsible for conducting thorough reviews of legal contracts and agreements relevant to cloud services, including service level agreements (SLAs), data processing agreements (DPAs), and vendor contracts. This involves interpreting complex legal language and terms to ensure compliance with information security and privacy requirements, identifying potential risks or areas of non-compliance, and articulating these findings in a clear, comprehensible manner to business units and legal counsel.
Roles and responsibilities
We are seeking a Cloud Cybersecurity Compliance Engineer who will be responsible for identifying and prioritizing cloud related risks enterprise-wide, executing comprehensive risk assessments, and controlling gap analyses in line with established information security policies and widely recognized risk management frameworks applicable to a range of public cloud environments. Also, you must be responsible for conducting thorough reviews of legal contracts and agreements relevant to cloud services, including service level agreements (SLAs), data processing agreements (DPAs), and vendor contracts. This involves interpreting complex legal language and terms to ensure compliance with information security and privacy requirements, identifying potential risks or areas of non-compliance, and articulating these findings in a clear, comprehensible manner to business units and legal counsel.
Roles and responsibilities
- Designing, implementing, and continuously improving the cloud information security/privacy compliance program based on applicable policies, local/state/federal laws, and adopting risk management frameworks.
- Designing, implementing, and leading cloud-based risk assessments and control gap analysis procedures, activities, documents, and communication plans
- Leveraging NIST 800-53/FedRAMP assessment experience, technical, and program management skills to lead, plan, track, collaborate, and report on cloud governance, risk compliance program deliverables, including scheduling/leading meetings, assigning/tracking action items, and developing status reports.
- Performing cross functional interviews with business, technical, and information security partners to determine if information security/privacy controls are implemented correctly, operating as intended, and producing the desired results.
- Communicating program controls, measurements, metrics, and assessment results confidentially, professionally, and effectively, in both written and verbal formats, with business, technical, and third-party stakeholders.
- 5+ years-experience applying governance, risk, and compliance principles to public cloud ecosystems such as AWS (Amazon), Azure (Microsoft), and/or Google
- 5+ years-experience designing/implementing cloud-based information security/privacy policies mapped to industry standards and regulatory frameworks (e.g., NIST 800-53, FedRAMP, PCI, HIPAA, etc.)
- Designing, implementing, and performing cloud-based risk assessments and control gap analysis; identifying, analyzing, and evaluating cloud security/privacy risks through analysis of vendor provided SOC2 and other cloud security control documentation.
- Proven ability to communicate confidentially, professionally, and effectively, in both written and verbal formats, with business, technical, and third-party stakeholders.
- Developing monitoring, gathering, and analyzing information security and compliance metrics for management for the cloud environment
L0UpPCfQNH