What are the responsibilities and job description for the Cloud Risk & Compliance Analyst position at Matlen Silver?
The Cloud Risk & Compliance Analyst is a client-facing role that provides risk management support to all Lines of Business by applying the CGA (Cloud Governance Authority) Control Objective Applicability Matrix to applications that want to use cloud service providers (Azure, AWS, GCP), ensuring adherence to posted bank policies, standards, and requirements. This candidate ensures that the controls used to mitigate business and application risks are properly implemented within the client's ecosystem, are fully executed, and are sustainable for each Use Case presented to the CGA seeking production approval.
Responsibilities:
- The Cloud Compliance Analyst serves as a consultant in maintaining the quality of evidence, and in overseeing and responding to inquiries/examinations of control evidence, as proof that applications are secure by design and production ready.
- Work with LOBs: UCRs (cloud use case requestors), Application Teams (Developers, DevOps Engineers, Change Management, SRE (Site Reliability Engineers), Engineering Operations), and IT governance bodies (DMZ Center of Excellence, Cloud Governance Authority, Cloud Architecture Design Authority).
- Comfortably host and guide 4-5 active cloud use cases through the CGA pipeline simultaneously. Therefore, time management and communication / presentation of cloud concepts are critical hard skills for success.
- Maintain knowledge of CSP (Cloud Service Providers - Azure, AWS, and GCP) Platform functionality.
- This is a client-facing function, requiring the candidate to establish multiple working sessions weekly, typically covering up to 2 months of meetings with each LOB team (use cases - comprised of 6-10 contributors).
Desired Experience:
- Ability to understand key Cloud technologies and application development concepts, such as Terraform, CI/CD pipelines, code repositories, change management procedures, and automated testing.
- Ability to scale up / scale down control guidance to a wide spectrum of individuals (DevOps, PMO) with different levels of Cloud and IT-specific knowledge.
- People management: needed to adjust to different knowledge levels and communication styles.
- Motivation to independently stay abreast of the fast-changing CSP industry (platform/services changes) to provide accurate guidance to each LOB UCR (use case requestor).
- Microsoft PowerPoint, SharePoint, Excel, and Word are heavily used to convey/present cloud concepts during the LOB UCR meetings, and during the final CGA QC/QA tollgate (review for production).
- Excellent communication, organizational leadership, coaching, and troubleshooting skills.
- Strong executive presence and the ability to communicate complex technology solutions to senior stakeholders.
Salary: $50 - $53