Cloud Security & Compliance Analyst — ISO​/ISRP Specialist

Role Overview

Assess and validate cloud solutions against enterprise security policies and compliance frameworks. Lead ISRP/ISO reviews, support certification readiness, and ensure audit-ready documentation across AWS, GCP, or Azure environments.

• Perform ISRP/ISO reviews across design, build, and certification stages.
• Assess cloud architectures (VPC/VNet, compute, storage, IAM, networking, KMS/CMEK) for policy compliance and residual risk.
• Validate preventative, detective, and automated controls.
• Map controls and risks to NIST (CSF/800-53), ISO 27001, SOC 2; perform gap analyses.
• Drive risk acceptance, exceptions, and remediation plans with stakeholders.
• Prepare audit-ready artifacts (reports, checklists, evidence, sign-offs).
• Support certification gates and provide recommendations.
• Track and report compliance status, remediation, and escalations.
• Collaborate with architects, IAM, threat modeling, SOC, and business teams.

• 5+ years in information security, including 3+ years in cloud security & compliance.
• Experience with AWS, GCP, or Azure (VPC/VNet, EC2/GCE, S3/GCS, IAM, logging, KMS).
• Knowledge of IaC/CI-CD security (Terraform, policy-as-code preferred).
• Strong understanding of NIST, ISO 27001, SOC 2 frameworks.
• Experience with audit evidence and compliance reporting.
• Strong communication skills for technical and non-technical audiences.

Preferred

Certifications:

CISSP, CISM, CRISC, CCSK, Cloud Security certs, ISO 27001 Lead Auditor

• Experience with cloud certification/gate reviews
• Familiarity with MITRE ATT&CK and threat modeling
• Strong cross-functional collaboration and organization skills
• Ability to manage multiple reviews and evidence tracking

• ISRP/ISO review reports and certification recommendations
• Gap analyses and remediation plans
• Audit-ready evidence bundles
• Documented risk decisions and exceptions
• Status reports on compliance and certification progress