Job Title: Cloud Security Analyst
Location: Phoenix, AZ
FTE
Job Description
Must Have Technical/Functional Skills
2+ years of experience in Information Security, Technology Risk, IT Controls, or related roles
Familiarity with Cloud Control Matrix (CCM) and CIS benchmarks for basic gap assessments
Foundational understanding of Information Security disciplines including Governance, Identity & Access Management,
Infrastructure Security, Vulnerability Management, Data Protection, Application Security, and Incident Response
Exposure to audit or regulatory processes preferred
Understanding of Cloud fundamentals including containers, software-defined networks, high availability design,
multi-cloud, and serverless compute concepts
The Analyst will assist in audit preparation, compliance monitoring, and governance activities, helping to maintain a
standardized, risk-based compliance model for cloud security.
Roles & Responsibilities
Support the implementation of processes and methods for auditing and addressing non compliance to information
security standards and methodologies
• Assist in tracking and reporting remediation efforts to migrate non-compliant environments to compliant states
• Prepare materials (reports, presentations, dashboards, spreadsheets, etc.) to support informed decision-making
• Validate data for completeness, accuracy, and relevance for compliance and risk reporting
• Maintain internal documentation to ensure processes and operational requirements are up to date
• Provide analytical support for issue management, project assessments, and compliance reporting
• Collaborate with cross-functional teams to track and support remediation efforts
• Assist in evaluating and documenting controls, standards, processes, and procedures
• Support communications related to cloud security initiatives and compliance updates
• Participate in operational risk activities such as risk assessments, process mapping, identification of risks, and
documentation/testing of controls
• Support coordination of audit-related activities, including evidence collection and response preparation
• Monitor regulatory updates and assist in identifying potential impacts to cloud security controls