Cloud Compliance Analyst
The Cloud Compliance Officer will be responsible for architecting, developing, and implementing solutions that help Rhymetec's clients achieve, manage and measure security metrics and compliance requirements. The role will work closely with engineering teams to help design, develop and deliver security and compliance objectives and have the ability to help drive foundational changes in internal cloud platforms to enhance their security posture.
Responsibilities:
- Prepare agendas and reference documents for meetings with clients.
- Conduct meetings with clients regularly and irregularly, depending on the type of meeting. Meetings range from 15 minutes to 1 hour.
- Configure performance monitoring alarms in AWS, Azure, GCP, and Datadog
- Configure Security alarms and Intrusion detection systems in AWS, GCP, Azure
- Set up supporting security applications.
- Set up mobile device management applications such as Jamf, Jumpcloud, Microsoft Endpoint manager, and Hexnode.
- Configure the Vanta account for the client.
- Conduct internal audits and risk assessments, and generate reports.
- Conduct Business Continuity and Disaster recovery tabletop exercises with clients
- Translate SOC 2 Type 2, ISO 27001, GDPR, and HIPAA controls into actionable items for clients
- Conduct employee access reviews, SaaS vendor security assessments, and Gap assessments
- Triage bug/vulnerability reports from security researchers
- Complete security questionnaires on behalf of clients
- Draft supporting documents for client information security management
- Systems and information security policies.
- Communicate tasks to client's employees and educate clients on security best practices.
- Troubleshoot issues that may arise within our scope of work
Qualifications:
● Knowledge of compliance and regulatory frameworks (PCI, ISO/IEC, SOC 2, HIPAA, GDPR)
● 2+ years of work experience working with technology, cybersecurity, and regulatory compliance
● Strong logical security skills, with experience in cloud security
● Understanding of cloud environments (AWS, GCP, Azure) and integrating security controls through DevOps and Infrastructure as a Service (IaaS) techniques
Must Haves:
● Bachelor's degree or equivalent experience related to the technology or cyber security field
● 2 + years of work experience working with technology or cybersecurity.