TMT IT Solutions
Cloud Governance Engineer
β - Featured Role | Apply direct with Data Freelance Hub
This role is for a Cloud Governance Engineer with a contract length of "unknown," offering a pay rate of "$X/hour." Key skills include Azure governance, Terraform, CSPM tools, and automation scripting. Candidates must hold relevant certifications like CISA or CRISC.
π - Country
United States
π± - Currency
$ USD
-
π° - Day rate
520
-
ποΈ - Date
May 20, 2026
π - Duration
Unknown
-
ποΈ - Location
Unknown
-
π - Contract
Unknown
-
π - Security
Unknown
-
π - Location detailed
North Carolina, United States
-
π§ - Skills detailed
#Security #AI (Artificial Intelligence) #Deployment #Azure #Python #Monitoring #Infrastructure as Code (IaC) #Defender #Datasets #Anomaly Detection #Bash #Compliance #Automation #Scripting #Azure Security #Terraform #Logic Apps #Cloud
Role description
We are seeking a Senior Cloud GRC & AI Engineer to completely own the compliance, governance, and audit posture of our enterprise cloud platform. In this role, you will bridge the gap between traditional IT audit and modern cloud infrastructure, ensuring that everything provisioned across our environments automatically meets regulatory, security, and organizational standards.
Rather than relying on manual checks, you will build a proactive governance ecosystem by embedding Policy-as-Code directly into our Terraform patterns, operating cloud security posture management (CSPM) tools, and orchestrating automated evidence-collection pipelines. Additionally, you will pioneer the development of AI/LLM-powered internal tools to accelerate control mapping, policy interpretation, and anomaly detection across our compliance datasets.
Key Responsibilities
1. Policy-as-Code & Terraform Governance
β’ Translate abstract regulatory requirements into enforceable Azure Policy definitions, Terraform validation rules, and automated deployment guardrails.
β’ Review Infrastructure-as-Code (IaC) patterns and recommend architectural changes to HashiCorp Configuration Language (HCL) modules to enforce standards before deployment.
β’ Proactively update existing Terraform modules as industry benchmarks and organizational compliance standards evolve.
1. Audit Automation & Evidence Collection
β’ Scope controls and own the end-to-end cloud compliance lifecycle for major frameworks, including SOC 2, ISO 27001, NIST, and CIS Benchmarks.
β’ Design, build, and maintain automated evidence-collection workflows using Python, PowerShell, or Azure-native automation (Logic Apps, Azure Functions) to drastically reduce manual audit overhead.
β’ Gather, organize, and present bulletproof evidence packages to internal and external auditors during official exam cycles.
1. Cloud Security Posture Management (CSPM)
β’ Operate and heavily optimize our primary CSPM platformβWizβto scan environments, identify misconfigurations, and map attack paths.
β’ Prioritize discovered cloud risks and collaborate directly with platform architects and application teams to drive remediation within strict SLAs.
β’ Build and scale continuous compliance dashboards and workbooks using Azure Monitor and Azure Workbooks to provide real-time visibility across all subscriptions.
1. AI-Powered Governance Engineering
β’ Design and implement internal AI/LLM-driven solutions (leveraging prompt engineering, RAG architectures, or agentic frameworks) to accelerate GRC workflows.
β’ Build automated tools for natural-language policy interpretation, automated control mapping, and intelligent evidence summarization.
1. Enterprise GRC Support
β’ Maintain and execute standard GRC processes, including managing the cloud risk register, keeping up with control testing schedules, tracking security exceptions, and monitoring mitigation timelines.
β’ Map cloud-infrastructure controls cleanly back to the enterprise GRC platform (e.g., ServiceNow GRC or Archer).
Required Technical Experience & Tooling
β’ Cloud Infrastructure: Advanced proficiency in Azure management group/subscription governance, Microsoft Defender for Cloud, and Azure Policy.
β’ Infrastructure as Code: Intermediate to advanced understanding of Terraform (ability to read, review, and refactor code, rather than just running static scans).
β’ CSPM Tooling: Professional experience leveraging Wiz (or equivalent enterprise platforms like Prisma Cloud or Orca Security) to manage cloud vulnerabilities and compliance profiles.
β’ Automation Engineering: Strong hands-on scripting capabilities (Python, Bash, or PowerShell) combined with cloud-native automation components.
β’ AI/LLM Engineering: Proven experience building or experimenting with LLM applications applied specifically to operational or data-heavy compliance use cases.
β’ GRC Platforms: Familiarity operating enterprise GRC systems like ServiceNow GRC or RSA Archer.
Candidates must hold at least one of the following core credentials:
β’ CISA (Certified Information Systems Auditor)
β’ CRISC (Certified in Risk and Information Systems Control)
β’ CCSK (Certificate of Cloud Security Knowledge) or CCSP (Certified Cloud Security Professional)
β’ Microsoft Certified: Azure Security Engineer Associate
We are seeking a Senior Cloud GRC & AI Engineer to completely own the compliance, governance, and audit posture of our enterprise cloud platform. In this role, you will bridge the gap between traditional IT audit and modern cloud infrastructure, ensuring that everything provisioned across our environments automatically meets regulatory, security, and organizational standards.
Rather than relying on manual checks, you will build a proactive governance ecosystem by embedding Policy-as-Code directly into our Terraform patterns, operating cloud security posture management (CSPM) tools, and orchestrating automated evidence-collection pipelines. Additionally, you will pioneer the development of AI/LLM-powered internal tools to accelerate control mapping, policy interpretation, and anomaly detection across our compliance datasets.
Key Responsibilities
1. Policy-as-Code & Terraform Governance
β’ Translate abstract regulatory requirements into enforceable Azure Policy definitions, Terraform validation rules, and automated deployment guardrails.
β’ Review Infrastructure-as-Code (IaC) patterns and recommend architectural changes to HashiCorp Configuration Language (HCL) modules to enforce standards before deployment.
β’ Proactively update existing Terraform modules as industry benchmarks and organizational compliance standards evolve.
1. Audit Automation & Evidence Collection
β’ Scope controls and own the end-to-end cloud compliance lifecycle for major frameworks, including SOC 2, ISO 27001, NIST, and CIS Benchmarks.
β’ Design, build, and maintain automated evidence-collection workflows using Python, PowerShell, or Azure-native automation (Logic Apps, Azure Functions) to drastically reduce manual audit overhead.
β’ Gather, organize, and present bulletproof evidence packages to internal and external auditors during official exam cycles.
1. Cloud Security Posture Management (CSPM)
β’ Operate and heavily optimize our primary CSPM platformβWizβto scan environments, identify misconfigurations, and map attack paths.
β’ Prioritize discovered cloud risks and collaborate directly with platform architects and application teams to drive remediation within strict SLAs.
β’ Build and scale continuous compliance dashboards and workbooks using Azure Monitor and Azure Workbooks to provide real-time visibility across all subscriptions.
1. AI-Powered Governance Engineering
β’ Design and implement internal AI/LLM-driven solutions (leveraging prompt engineering, RAG architectures, or agentic frameworks) to accelerate GRC workflows.
β’ Build automated tools for natural-language policy interpretation, automated control mapping, and intelligent evidence summarization.
1. Enterprise GRC Support
β’ Maintain and execute standard GRC processes, including managing the cloud risk register, keeping up with control testing schedules, tracking security exceptions, and monitoring mitigation timelines.
β’ Map cloud-infrastructure controls cleanly back to the enterprise GRC platform (e.g., ServiceNow GRC or Archer).
Required Technical Experience & Tooling
β’ Cloud Infrastructure: Advanced proficiency in Azure management group/subscription governance, Microsoft Defender for Cloud, and Azure Policy.
β’ Infrastructure as Code: Intermediate to advanced understanding of Terraform (ability to read, review, and refactor code, rather than just running static scans).
β’ CSPM Tooling: Professional experience leveraging Wiz (or equivalent enterprise platforms like Prisma Cloud or Orca Security) to manage cloud vulnerabilities and compliance profiles.
β’ Automation Engineering: Strong hands-on scripting capabilities (Python, Bash, or PowerShell) combined with cloud-native automation components.
β’ AI/LLM Engineering: Proven experience building or experimenting with LLM applications applied specifically to operational or data-heavy compliance use cases.
β’ GRC Platforms: Familiarity operating enterprise GRC systems like ServiceNow GRC or RSA Archer.
Candidates must hold at least one of the following core credentials:
β’ CISA (Certified Information Systems Auditor)
β’ CRISC (Certified in Risk and Information Systems Control)
β’ CCSK (Certificate of Cloud Security Knowledge) or CCSP (Certified Cloud Security Professional)
β’ Microsoft Certified: Azure Security Engineer Associate
