Cloud Cybersecurity Compliance Engineer

Must be Onsite in Rockville MD Hybrid

Must have the following experience:

5 yearsexperience applying governance risk compliance principles to public cloud ecosystems such as AWS (Amazon) Azure (Microsoft) and/or (GRC) Google

5 yearsexperience designing/implementing cloudbased information security/privacy polices mapped to industry standards and regulatory frameworks (e.g. NIST 80053 FedRAMP PCI HIPAA etc.)

Designing implementing and performing cloudbased risk assessments and control gap analysis; identifying analyzing and evaluating cloud security/privacy risks through analysis of vendorprovided SOC2 and other cloud security control documentation.

Proven ability to communicate confidentially professionally and effectively in both written and verbal formats with business technical and thirdparty stakeholders.

Developing monitoring gathering and analyzing information security and compliance metrics for management for the cloud environment.

Scope of Work

The contractor will provide technical staff to take a leading position in the Countys Cloud Cybersecurity Compliance program. Their primary focus will be to identify and prioritize cloud related risks enterprisewide executing comprehensive risk assessments and control gap analyses in line with established information security policies and widely recognized risk management frameworks applicable to a range of public cloud environments.

Contractor Staff will be responsible for conducting thorough reviews of legal contracts and agreements relevant to cloud services including service level agreements (SLAs) data processing agreements (DPAs) and vendor contracts. This involves interpreting complex legal language and terms to ensure compliance with information security and privacy requirements identifying potential risks or areas of noncompliance and articulating these findings in a clear comprehensible manner to business units and legal counsel. The contractor will liaise closely with County attorneys and business stakeholders to provide actionable insights ensuring that contractual obligations align with the County s governance risk and compliance frameworks and standards.

Contract Staff will work sidebyside with County staff and play a lead role on the Governance Risk Compliance team having responsibility for the following:

Designing implementing and continuously improving the County s cloud information security/privacy compliance program based on applicable policies local/state/federal laws/regulations and adopted risk management frameworks.

Designing implementing leading cloudbased risk assessments and control gap analysis procedures activities documents and communication plans

Leveraging NIST 80053/FedRAMP assessment experience technical and program management skills to lead plan track collaborate and report on the cloud governance risk compliance program deliverables including scheduling/leading meetings assigning/tracking action items and developing status reports.

Performing cross functional interviews with business technical and information security partners to determine if information security/privacy controls are implemented correctly operating as intended and producing the desired results.

Communicating program controls measurements metrics and assessment results confidentially professionally and effectively in both written and verbal formats with business technical and thirdparty stakeholders.