Job Summary:
Are you passionate about leading security engineering efforts that drive quality assurance for continuous cloud security?
Do you thrive on the challenge of designing, implementing, and enhancing security controls and procedures to improve cloud security compliance and AI governance? If guiding organizations through transformative security improvements excites you, we want to hear from you!
We are looking for a proactive, dynamic, and collaborative team member to drive industry alignment of our internal security controls and champion compliance through proactive audits, rigorous quality checks, and actionable solutions that improve the security of our cloud products and infrastructure.
Responsibilities:
Controls Development:
- Review and validate internal policies and IT General Controls (ITGCs) against quality criteria to ensure they are complete, accurate, traceable, and aligned with cloud security and AI-specific frameworks (such as ISO 42001).
- Work with cross-functional stakeholders to develop appropriate security controls and technical solutions to meet cloud security requirements.
Compliance Monitoring:
- Perform ongoing audits on cloud infrastructure and services, including spot checks and control tests, to assess the effectiveness, reliability, and sustainability of information security controls.
- Identify deviations, gaps, or process defects and ensure that remediation actions are clearly documented, assigned, completed, and validated.
- Drive and verify the effectiveness of corrective and preventive actions, ensuring that process improvements are implemented, documented, and sustained.
- Work with engineering teams and ensure that our cloud infrastructure and IaaS, PaaS, and SaaS services meet required cloud security standards.
- Partner closely with cross-functional teams to ensure that security and compliance are integrated into the product development lifecycle.
- Devise processes and automation to deliver continuous compliance at cloud scale and support reporting to senior management.
Risk Management:
- Independently review and validate cybersecurity risk assessments and vulnerability analyses to confirm that methodologies, inputs, and conclusions meet defined security standards.
- Assess the quality and completeness of risk identification for cloud-hosted services and IaaS/PaaS/SaaS, and verify that mitigation recommendations are appropriate, actionable, and tracked to closure.
Minimum Qualifications:
- A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required.
Additional Qualifications:
- Experience with software development processes. Hands-on experience with the definition and implementation of department / organizational security controls.
- Experience with performing internal process audits and process improvement work.
- Experience with / understanding of SOC 2, ISO 42001, COBIT, ITIL, ISO, IT General Controls (ITGC), NIST 800-171, NIST 800-53, ISO 27001/2, NIST SSDF, and/or other industry standard control frameworks to document and assess cloud security compliance and AI governance.
- Exceptional communication skills, including clear and concise writing, an engaging presentation style, and group facilitation.
- Strong teamwork skills with a demonstrated ability to collaborate across teams and roles.