Cloud Security and Compliance Officer

Details

Location: Washington, DC (on-site)

Clearance: Active SECRET (or higher) clearance required

The Cloud Security and Compliance Officer plays a critical role in securing the organization's multi‑cloud environment across AWS, Azure, and Google Cloud Platform (GCP). This role partners closely with the Principal Cloud Security Engineer and the cloud security engineering team to implement compliance controls, support audits, manage risk, and ensure adherence to internal and regulatory security standards.

This person will translate compliance requirements into technical controls, streamline authorization processes, and support continuous monitoring activities across cloud platforms.

• Implement, validate, and maintain security controls across AWS, Azure, and GCP environments.
• Support FedRAMP, FISMA, NIST 800‑53, CIS Benchmarks, PCI, and organizational compliance frameworks.
• Conduct control assessments, analyze gaps, and guide remediation activities in partnership with cloud security engineers.
• Assist with preparing, reviewing, and maintaining compliance documentation, including SSPs, POA&Ms, PTAs, PIAs, IRPs, CMPs, and audit artifacts.
• Support cloud authorization activities (ATO processes) and help streamline compliance workflows.

• Monitor cloud environments using tools such as AWS Security Hub, Azure Security Center, Google Command Center, , Qualys, and SIEM tools.
• Identify risks across infrastructure, applications, and configurations; track and remediate findings.
• Develop repeatable workflows for log monitoring, vulnerability management, and cloud configuration auditing.

• Collaborate with AWS, Azure, and GCP Cloud Security Engineers to interpret compliance requirements into actionable security configurations.
• Assist in secure design and implementation of cloud architectures aligned with Enterprise Architecture (EA) and Zero Trust principles.
• Participate in incident response activities related to cloud environments.

• Create and maintain SOPs, runbooks, workflows, and compliance reports for leadership visibility.
• Recommend improvements to compliance and monitoring processes to reduce audit findings and operational friction.
• Support executive‑level reporting and security governance initiatives.

• Work with security, IT, legal, engineering, and leadership teams to ensure compliance requirements are understood and met.
• Communicate technical compliance issues in business‑aligned language.
• Provide guidance and knowledge