Head of Audit Compliance and Cloud Security

Position Overview:
The Head of Audit Compliance and Cloud Security will be responsible for overseeing the organizations compliance with regulatory and audit requirements while ensuring the security and integrity of its cloud infrastructure. This dual role requires expertise in compliance frameworks, regulatory standards (e.g., ISO 27001, PCI DSS), and cloud security strategies. The ideal candidate will drive audit preparedness, risk management, and the implementation of robust security measures across cloud platforms.

Key Responsibilities:

Audit Compliance Management:

1. Regulatory Adherence:
   
• Ensure the organization maintains ISO 27001, PCI DSS, and other required certifications.
• Develop and implement processes to ensure ongoing compliance with industry standards and regulatory requirements.
2. Audit Readiness:
   
• Lead internal and external audit processes, including evidence collection and resolution of findings.
• Conduct gap analyses and mock audits to identify areas of non-compliance and drive remediation.
• Maintain and update compliance documentation, including policies and corrective action plans.
3. Policy Development and Awareness:
   
• Develop, update, and enforce security and compliance-related policies.
• Train and educate employees on compliance and audit requirements, fostering a culture of security awareness.

Cloud Security Leadership:

1. Cloud Infrastructure Security:
   
• Develop and implement a comprehensive security strategy for cloud platforms such as Azure and AWS.
• Manage DDoS protection mechanisms and Web Application Firewalls (WAF), including evaluating tools like AppTrana.
2. Risk Management and Compliance Alignment:
   
• Assess and mitigate risks related to cloud operations, including vulnerability assessments and penetration testing.
• Ensure cloud environments comply with ISO 27001, PCI DSS, and other audit standards.
• Manage client-specific requirements, including IP whitelisting and secure communication protocols.
3. Incident Response and Disaster Recovery:
   
• Develop and maintain incident response plans tailored to cloud environments.
• Oversee disaster recovery strategies, ensuring business continuity in the event of a security incident.

Collaboration and Innovation:

1. Cross-Functional Collaboration:
   
• Work with engineering and DevOps teams to embed security within CI/CD pipelines.
• Partner with compliance teams to address audit and security overlaps effectively.
2. Technology Evaluation and Implementation:
   
• Stay updated with emerging security technologies and threats.
• Drive the adoption of innovative solutions to enhance compliance and security measures.

Qualifications:

• Proven experience in audit compliance and cloud security leadership roles.
• Expertise in ISO 27001, PCI DSS, and regulatory frameworks.
• Strong understanding of cloud platforms (Azure, AWS) and tools , WAFs, and DDoS protection systems.
• Demonstrated ability to manage audit processes, risk assessments, and incident responses.
• Certifications such as CISSP, CISA, AWS Certified Security Specialty, Azure Security Engineer, or CCSP are highly desirable.
• Excellent leadership, analytical, and communication skills.