The Cloud Security Architecture Analyst, within Emory's Enterprise Information Security team, will be primarily responsible for working with the Enterprise Security and other Emory IT teams to identify, evaluate, and implement security controls for cloud services. This will mainly include Amazon Web Services but will also encompass additional cloud provider related activities as Emory's cloud base grows. This position will support the migration and support of on-premise solutions to the cloud, and continual adoption of secure cloud services, for Emory University and Emory Healthcare. Responsible for performing security risk assessments for cloud computing solutions, including risk identification, analysis, and evaluation, identifying remediation and/or mitigation requirements and recommendations, and handing off the associated risks to the enterprise risk register management process. Seeks and applies guidance and direction for internal and external customers based on policies, published guidelines, best practices, and industry recommendations. Supports team by performing research and analysis of vulnerabilities and related consultation to internal and external customers about those vulnerabilities. Helps to ensure that information security safeguards and controls are properly communicated and adhered to. Assessments include various cloud platform providers, and the applications, processes, vendors, and technologies used by departments, divisions, or the enterprise in one or more of those cloud platform providers. In addition to conducting risk assessments, this position contributes to the identification of improvements for multiple areas, to include the risk management process and tool improvements. Works closely with teams across cloud engineering, enterprise information security, IT, privacy, compliance, legal, procurement, research, and numerous business units to help protect assets for the institution. Applies background knowledge in IT, cloud architecture and security, and/or security vendor risk assessments and continually conducts research into new technologies and vulnerabilities across the industry. Contributes to development of risk analysis tools and provides functional guidance and direction to internal and external customer teams in overall security risk assessments of projects. Assists with the interpretation of information security policies and requirements or their applicability. Performs risk assessments of client vendors through risk assessment toolkit against various frameworks (HIPAA, HITRUST, SOC, NIST, etc.), collecting data and identifying areas of compliance/non-compliance through written assessment reports. Assesses risk for various components of a particular solution's architecture, such as: cloud services, cloud controls, network, operating system, database, storage, application vulnerability assessments, cloud security configuration settings, virus prevention and remediation, encryption, network segmentation, remote access, and authentication. As a member of the Enterprise Security team, the position will also be tasked with other information security related tasks and projects as necessary. This position may be called upon to assist with information security activities with university or healthcare units across the enterprise. Performs other related duties as required. Level: An experienced cybersecurity professional applies practical knowledge of job area typically obtained through advanced education and work experience. Works semi-independently with periodic management check-ins, in close collaboration with analyst's own team. Requires communication with IT leadership. Career progression to this point includes experience with cloud platform solutions.