About The Position

The Lead Security Compliance Engineer – Cloud Security is responsible for leading security compliance and risk management activities for a SaaS platform hosted in Microsoft Azure. This role partners closely with engineering, product, cloud operations, and security teams to embed security and compliance into the feature development lifecycle, ensure effective incident and vulnerability management, and maintain alignment with industry and regulatory standards including ISO 27001, NIST 800‑53, and other industry certifications. This position serves as a senior technical and compliance authority, providing guidance on modern cloud security controls, overseeing audits, and driving continuous improvement of the organization’s security posture.

Requirements

  • Bachelor's degree in Computer Science, Information Security, Compliance, Cybersecurity or a related field, or equivalent experience.
  • Industry security certifications such as CISA, CISM, CRISC, CISSP.
  • Industry certifications in Cloud such as AWS, Azure.
  • 8-12 years of experience in cybersecurity, security compliance, or cloud security roles.
  • 8+ years of hands‑on experience with Microsoft Azure environments, including SaaS or cloud‑native architectures.
  • Proven experience working with security frameworks and regulatory standards, including NIST 800‑53, ISO/IEC 27001, ISO/IEC 42001, and other industry certifications.
  • Experience supporting or leading security audits and assessments.
  • Proven experience in information security, particularly within auditing, compliance and risk management.
  • Strong communication and interpersonal skills, including executive communication to senior leadership, with a focus on building bridges with key collaborators.
  • Strong critical thinking and problem-solving skills to resolve problems effectively and creatively while maintaining a high level of flexibility, professionalism, and integrity.
  • Experience with cloud security, encryption technologies, and network security protocols preferred.
  • Analytical thinker with strong problem-solving skills.
  • Detail-oriented with a strong focus on accuracy and the ability to manage multiple priorities.
  • Proactive self-starter with an entrepreneurial spirit and the ability to work independently or as part of a team.
  • Strong ethical standards and a high level of personal integrity.
  • Auditing/Assurance experience preferred.
  • Excellent communication skills, both written and verbal, with the ability to effectively articulate complex security-related concepts to a varied audience.
  • Strong understanding of policy and procedure development and implementation.

Nice To Haves

  • Knowledge of ISO 27001 and industry-standard audits
  • FedRAMP/StateRAMP/GovRAMP
  • US NIST 800-53
  • NIST Privacy Framework

Responsibilities

  • Perform security and threat assessments for new features, architectural changes, and SaaS platform enhancements.
  • Participate in change management and feature development processes, ensuring security and compliance requirements are integrated early (shift‑left security).
  • Identify security risks related to cloud services, data handling, identity, and application design, and recommend mitigation strategies.
  • Provide informed recommendations for information security controls, tools, and applications specifically tailored to modern Azure-based applications.
  • Lead or support incident management activities for SaaS environments and cloud services.
  • Drive incident investigations, root cause analysis, and documentation.
  • Assist with defining and tracking corrective and preventive actions (CAPAs), ensuring remediation timelines are met.
  • Monitor and validate the effectiveness of corrective actions following incidents.
  • Maintain strong knowledge of software vulnerabilities, security scanning, and assessment tools.
  • Assist with prioritization of vulnerability remediation based on risk, exploitability, and customer impact.
  • Advocate for remediation of high‑risk findings and track remediation progress.
  • Support coordination of public vulnerability disclosures and customer communications, as required.
  • Oversee ISO/IEC 27001 compliance, including maintenance of the ISMS.
  • Lead and coordinate external audits (ISO 27001, customer audits, regulatory assessments).
  • Plan and conduct internal audits, including control testing, evidence collection, and remediation tracking.
  • Ensure alignment with NIST 800‑53, FedRAMP, and other applicable frameworks.
  • Support continuous improvement of compliance processes, metrics, and reporting.
  • Serve as a trusted security and compliance advisor to engineering, product, legal, risk, and operations teams.
  • Translate compliance and security requirements into practical, implementable technical controls.
  • Contribute to policy, standard, and procedure development related to cloud security and compliance.
© 2024 Teal Labs, Inc