Cloud Security Compliance Analyst

Job Description

Security standards creation (for cloud services; AWS, GCP) , cloud threat modelling, experience with working on Prisma Cloud RQL. Responsibilities: Compliance Framework Interpretation: Understand and interpret various cloud security compliance frameworks such as ISO 27001, NIST CSF, SOC 2, FedRAMP, HIPAA, PCI DSS, GDPR, and other relevant industry-specific or regional regulations. Stay up-to-date with changes and updates to these frameworks and regulations. Translate complex compliance requirements into actionable guidance for technical teams. Cloud Security Assessments and Audits: Conduct regular security assessments and internal audits of cloud environments (e.g., AWS, Azure, GCP) to evaluate adherence to established policies, standards, and regulatory requirements. Identify and document compliance gaps and vulnerabilities. Assist with external audits conducted by regulatory bodies or clients. Control Implementation and Monitoring: Work with cloud engineering and security teams to design, implement, and maintain security controls necessary to meet compliance requirements. Monitor the effectiveness of implemented controls and identify areas for improvement. Assist in the development and deployment of automated compliance monitoring tools. Documentation and Reporting: Develop and maintain comprehensive documentation related to cloud security compliance, including policies, standards, procedures, control mappings, and audit reports. Prepare regular reports on the organization's compliance posture for management and relevant stakeholders. Maintain records of compliance activities, assessments, and remediation efforts. Risk Management Support: Participate in risk assessments related to cloud security and compliance. Help identify, analyze, and evaluate compliance-related risks. Assist in the development of risk mitigation strategies and track their implementation. Collaboration and Communication: Collaborate with cross-functional teams, including security engineers, DevOps engineers, legal, and internal audit, to ensure compliance is integrated into cloud initiatives. Communicate compliance requirements and best practices to technical and non-technical stakeholders. Assist in security awareness and compliance training efforts. Incident Response Support: Participate in the investigation of security incidents to determine if any compliance violations occurred. Assist in the development of post-incident reports and recommend corrective actions to prevent future compliance issues. Continuous Improvement: Monitor the evolving threat landscape and regulatory environment to proactively identify new compliance requirements or potential risks. Contribute to the continuous improvement of cloud security policies, standards, and compliance processes.