POSITION OVERVIEW :

The Cloud Engineer Audit & Compliance is responsible for ensuring that cloud environments across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) meet organizational, security, and regulatory compliance requirements. This role focuses on implementing, monitoring, and maintaining audit controls, governance frameworks, and compliance standards across cloud platforms.

The ideal candidate will work closely with cloud architects, security teams, and auditors to ensure adherence to best practices, industry standards, and regulatory requirements while enabling secure and compliant cloud operations.

Key Responsibilities :

- Ensure cloud environments comply with regulatory standards (ISO 27001, SOC 2, GDPR, HIPAA, etc.)

- Support internal and external audits by preparing documentation and evidence

- Conduct regular compliance assessments, gap analysis, and risk evaluations

- Maintain audit trails and ensure proper logging across cloud platforms

- Implement and enforce compliance controls and policies

- Define and implement cloud governance frameworks across Azure, AWS, and GCP

- Enforce policies for resource provisioning, tagging, and access control

- Monitor adherence to organizational standards and cloud best practices

- Implement policy-as-code using native tools (Azure Policy, AWS Config, GCP Organization Policies)

- Collaborate with security teams to enforce cloud security controls

- Identify vulnerabilities and ensure remediation of compliance gaps

- Monitor cloud environments using security and compliance tools

- Support risk management processes and mitigation strategies

- Implement and manage logging, monitoring, and alerting for compliance (CloudTrail, Azure Monitor, Cloud Logging)

- Generate compliance reports, dashboards, and audit documentation

- Track KPIs, SLAs, and compliance metrics

- Provide regular updates to stakeholders and leadership

- Automate compliance checks and audit processes using scripts and tools

- Use Infrastructure as Code (Terraform, ARM, CloudFormation) to enforce compliance

- Integrate compliance checks into CI/CD pipelines (DevSecOps practices)

- Ensure proper implementation of identity and access management (IAM, RBAC, service accounts)

- Review and audit user access, roles, and permissions

- Implement least privilege access and periodic access reviews

- Work with cloud architects, engineers, and DevOps teams to ensure compliance requirements are met

- Support audit teams during reviews and assessments

- Act as a point of contact for compliance-related queries and escalations

- Provide training and awareness on cloud compliance best practices

- Maintain compliance documentation, policies, and procedures

- Develop and update audit checklists, runbooks, and control frameworks

- Ensure proper documentation of cloud environments and configurations