Public Cloud Risk and Controls Analyst

We have Contract role for Public Cloud Risk and Controls Analyst for our client at Dallas, TX. Please let me know if you or any of your friends would be interested in this position.

Position Details:

Public Cloud Risk and Controls Analyst- Dallas, TX

Location : Dallas, TX

Project Duration : 1+ year

Job Description:

• Identify risk, assess residual risk, and coordinate Corrective Action Plan (CAP) completion through collaboration with information security and engineering teams
• Must have a strong understanding of AWS cloud services and ability to map technical controls to compliance controls.
• Negotiate with IA (Internal Audit; Third Line of Defense) and ORM (Operational Risk Management; Second Line of Defense), and with Policy Owners when more cloud-friendly policy changes need to be influenced.
• Advise engineers on application of Policy across multiple concurrent technology domains such as Public Cloud Risk and Controls
• Research origins of Policy in Regulations collaboratively with ICRM (Independent Compliance Risk Management)
• Engage with and lead advocacy efforts with regulators in Asia and EMEA on Public Cloud in partnership with Government Affairs and Regulatory Engagement teams.
• Design processes for building and maintaining services in Public Cloud with control in mind.
• Maintain continual assessment of Management Controls Assessment (MCA) Efficacy for Public Cloud
• Monitor exceptions to dispute policy and identify common root causes of exceptions.
• Leverage data to examine impacts to Customer Experience and Regulatory breaks.
• Appropriately assess risk and demonstrate consideration for the firm's reputation and safeguard customer, its clients, and assets, by:
• Driving compliance with applicable laws, rules, and regulations
• Adhering to Policy
• Applying sound ethical judgment regarding personal behavior, conduct and business practices.
• Escalating, managing, and reporting control issues with transparency
• Influence Application Teams on best practices for MCA.

Resource Preferred Qualifications:

• Experience working directly with regulators of the financial industry in Asia regionally, or Singapore locally.
• Risk certifications such as the CIA, CISSP, CISA, CRISC, CGEIT, CDPSE, etc.
• Certifications in Public Cloud such as AWS Certified Cloud Practitioner, or AWS Certified Security Specialty
• Experience working with NIST, COBIT, ITIL, CSA, and/or ISO risk and ITSM frameworks
• Experience in an influence management discipline such as project management or product management
• Familiarity with DevOps and SRE practices
• Experience with cloud infrastructure and data services (compute, storage, networking and others)