Public Cloud Risk ,Compliance and Controls Analyst - AWS Security - Remote

Public Cloud Risk ,Compliance and Controls Analyst Remote

AWS Security is key

• Identify risk, assess residual risk, and coordinate Corrective Action Plan (CAP) completion through collaboration with information security and engineering teams
• Must have a strong understanding of AWS cloud services and ability to map technical controls to compliance controls.
• Negotiate with IA (Internal Audit; Third Line of Defense) and ORM (Operational Risk Management; Second Line of Defense), and with Policy Owners when more cloud-friendly policy changes need to be influenced.
• Advise engineers on application of Policy across multiple concurrent technology domains such as Public Cloud Risk and Controls
• Research origins of Policy in Regulations collaboratively with ICRM (Independent Compliance Risk Management)
• Engage with and lead advocacy efforts with regulators in Asia and EMEA on Public Cloud in partnership with Government Affairs and Regulatory Engagement teams.
• Design processes for building and maintaining services in Public Cloud with control in mind.
• Maintain continual assessment of Management Controls Assessment (MCA) Efficacy for Public Cloud
• Monitor exceptions to dispute policy and identify common root causes of exceptions.
• Leverage data to examine impacts to Customer Experience and Regulatory breaks.
• Appropriately assess risk and demonstrate consideration for the firm's reputation and safeguard customer, its clients, and assets, by:
• Driving compliance with applicable laws, rules, and regulations
• Adhering to Policy
• Applying sound ethical judgment regarding personal behavior, conduct and business practices.
• Escalating, managing, and reporting control issues with transparency
• Influence Application Teams on best practices for MCA.

Resource Preferred Qualifications:

• Experience working directly with regulators of the financial industry in Asia regionally, or Singapore locally.
• Risk certifications such as the CIA, CISSP, CISA, CRISC, CGEIT, CDPSE, etc.
• Certifications in Public Cloud such as AWS Certified Cloud Practitioner, or AWS Certified Security Specialty
• Experience working with NIST, COBIT, ITIL, CSA, and/or ISO risk and ITSM frameworks
• Experience in an influence management discipline such as project management or product management
• Familiarity with DevOps and SRE practices
• Experience with cloud infrastructure and data services (compute, storage, networking and others)