RESPONSIBILITIES:
Kforce has a client in Charlotte, NC that is seeking a Senior Cloud Governance Engineer.
Key Responsibilities:
* Own the end-to-end compliance lifecycle for cloud infrastructure; Ensure environments are continuously aligned with organizational policies, regulatory frameworks (SOC 2, ISO 27001, NIST, CIS Benchmarks), and internal standards
* Translate compliance requirements into enforceable Azure Policy definitions, Terraform validation rules, and automated guardrails that prevent non-compliant resources from being deployed
* Design and implement automated workflows for collecting, organizing, and presenting audit evidence; Reduce manual effort during audit cycles by building repeatable, auditable processes
* Review and provide guidance on infrastructure-as-code patterns to ensure they meet compliance, security, and operational standards; Propose required updates to existing Terraform modules when standards evolve
* Operate and optimize cloud security posture management (CSPM) tooling, primarily Wiz, to identify misconfigurations, prioritize risk, and drive remediation with engineering teams
* Build and maintain compliance dashboards and workbooks using Azure Monitor and Azure Workbooks to provide real-time visibility into governance posture across subscriptions and environments
* Design and build AI/LLM-driven tools that accelerate governance workflows - such as automated control mapping, natural-language policy interpretation, intelligent evidence summarization, and anomaly detection across compliance data
* Maintain and operate governance, risk, and compliance (GRC) processes - including risk register management, control testing schedules, exception tracking, and remediation SLA monitoring; Ensure alignment between cloud infrastructure controls and enterprise GRC frameworks
REQUIREMENTS:
* GRC Fundamentals: Solid understanding of governance, risk, and compliance frameworks; Experience with risk assessment methodologies, control mapping, exception management, and working with GRC platforms (ServiceNow GRC, Archer, or similar)
* IT Audit Experience: Hands-on participation in both internal and external IT audits - scoping controls, gathering evidence, responding to auditor inquiries, and driving remediation of findings to closure
* Cloud Compliance Expertise: Deep understanding of compliance frameworks (SOC 2, ISO 27001, FedRAMP, NIST, CIS) and how they map to cloud infrastructure configurations and controls
* Azure Governance Tooling: Strong proficiency with Azure Policy, Azure Monitor, Azure Workbooks, Microsoft Defender for Cloud, and Management Groups/Subscription governance patterns
* CSPM Tools (Wiz): Experience operating Wiz or comparable CSPM platforms (Prisma Cloud, Orca) for vulnerability detection, compliance scanning, and risk prioritization
* Infrastructure as Code (Terraform): Solid understanding of Terraform; You can read, review, and recommend changes to HCL modules to enforce compliance standards - not just flag violations after the fact
* Automation & Scripting: Ability to automate evidence collection and reporting workflows using scripting (Python, PowerShell, Bash) and Azure-native automation tools (Logic Apps, Azure Functions, Azure Automation)
* AI/LLM Application Development: Experience building internal tools or workflows leveraging large language models - prompt engineering, RAG patterns, or agent-based automation applied to operational or compliance use cases
* Communication & Influence: You can translate technical audit findings into clear remediation guidance for engineering teams and articulate compliance posture to leadership and auditors
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking “Apply Today” you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: kforcecx
- Position Id: ITEQG2177218