Sr. Cloud Governance Engineer
Listed on 2026-06-18
-
IT/Tech
Cybersecurity, Data Security, Information Security
Job Description
As a Senior Cloud Governance Engineer, you will own the compliance and audit posture of our cloud platform. You will ensure that the infrastructure we provision meets regulatory, security, and organizational standards — and that we can prove it. You will work closely with our platform architects and engineering teams to embed governance directly into our Terraform patterns, automate evidence collection, and maintain continuous audit readiness.
Key Responsibilities- Compliance & Audit Readiness:
Own the end-to-end compliance lifecycle for cloud infrastructure. Ensure environments are continuously aligned with organizational policies, regulatory frameworks (SOC 2, ISO 27001, NIST, CIS Benchmarks), and internal standards. - Policy-as-Code:
Translate compliance requirements into enforceable Azure Policy definitions, Terraform validation rules, and automated guardrails that prevent non-compliant resources from being deployed. - Evidence Collection & Automation:
Design and implement automated workflows for collecting, organizing, and presenting audit evidence. Reduce manual effort during audit cycles by building repeatable, auditable processes. - Terraform Pattern Governance:
Review and provide guidance on infrastructure-as-code patterns to ensure they meet compliance, security, and operational standards. Propose required updates to existing Terraform modules when standards evolve. - Security Posture Management:
Operate and optimize cloud security posture management (CSPM) tooling, primarily Wiz, to identify misconfigurations, prioritize risk, and drive remediation with engineering teams. - Monitoring & Reporting:
Build and maintain compliance dashboards and workbooks using Azure Monitor and Azure Workbooks to provide real-time visibility into governance posture across subscriptions and environments. - AI‑Powered Governance Tooling:
Design and build AI/LLM‑driven tools that accelerate governance workflows — such as automated control mapping, natural‑language policy interpretation, intelligent evidence summarization, and anomaly detection across compliance data. - GRC Program Support:
Maintain and operate governance, risk, and compliance (GRC) processes — including risk register management, control testing schedules, exception tracking, and remediation SLA monitoring. Ensure alignment between cloud infrastructure controls and enterprise GRC frameworks. - Cross‑Functional
Collaboration:
Partner with platform architects, security teams, and application owners to interpret audit findings, recommend remediation paths, and ensure governance requirements are practical and achievable.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances.
If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:
- GRC Fundamentals:
Solid understanding of governance, risk, and compliance frameworks. Experience with risk assessment methodologies, control mapping, exception management, and working with GRC platforms (Service Now GRC, Archer, or similar). - IT Audit
Experience:
Hands‑on participation in both internal and external IT audits — scoping controls, gathering evidence, responding to auditor inquiries, and driving remediation of findings to closure. - Cloud Compliance Expertise:
Deep understanding of compliance frameworks (SOC 2, ISO 27001, FedRAMP, NIST, CIS) and how they map to…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).