KPMG
Website: kpmg.com
Job details:
We are hiring for Bangalore and Gurgaon
Req# 30042412
Description
Cloud Engineering services the broader Firm through delivery of core technology and managed services capabilities, collaboration and innovation development services, and development of strategic technology partnerships.
The Cloud Security Governance & Compliance team provides oversight of security posture across both cloud infrastructure and software delivery pipelines. The function monitors compliance with security standards, tracks remediation of identified risks, and ensures that engineering teams address issues within agreed timeframes.
The Team
The role sits within the Cloud Engineering / Cloud Security Governance & Compliance team. The team provides oversight of cloud and software security posture across enterprise platforms.
The team works closely with platform engineering teams, application development teams, security architecture, and risk and assurance functions.
The focus is on monitoring compliance with defined security controls across infrastructure and software delivery environments, identifying deviations from security standards, and coordinating remediation with the responsible engineering teams.
The Role
The Cloud Security Governance Analyst supports the monitoring of security posture across cloud platforms and software delivery environments and helps ensure that identified risks are tracked through to remediation by the relevant engineering teams.
The role provides day-to-day support across cloud security governance activities, including oversight of security findings, vulnerability management tracking, secure code monitoring, and lifecycle risks such as end-of-life software across services.
The role assists in reviewing findings from infrastructure scanning, code security tools, and vulnerability platforms, ensuring that issues are logged, assigned, tracked, and reported through established governance processes.
The role works with engineering, development, and security teams to maintain accurate visibility of security risks and remediation progress and supports escalation of overdue or unresolved issues through appropriate channels.
This role focuses on governance support, security posture monitoring, issue tracking, and reporting rather than direct implementation of security tooling.
Responsibilities
Key responsibilities
- Monitor cloud environments and security reporting tools to identify deviations from defined security controls and platform guardrails
- Support the maintenance of visibility over overall cloud security posture through dashboards, reporting, and issue tracking
- Track security findings across infrastructure and code security tools, including vulnerabilities, configuration risks, and compliance issues
- Monitor findings from software development pipelines including dependency vulnerabilities, container image risks, and code security issues
- Work with engineering and development teams to ensure identified findings are recorded and remediation actions are assigned
- Track remediation progress and follow up with service owners and engineering teams on open or overdue issues
- Support governance processes for vulnerability management across infrastructure, containers, and application components
- Assist in monitoring risks related to end-of-life (EOL) software and unsupported dependencies
- Support exception management processes where services cannot immediately comply with security standards, ensuring appropriate documentation is maintained
- Prepare regular reporting on cloud and application security posture, remediation progress, and outstanding risks
- Support audit and assurance activities by maintaining evidence, issue logs, remediation records, and governance documentation
- Work closely with platform engineering teams, development teams, and security architecture to support alignment between security governance requirements and operational delivery
- Escalate risks or overdue remediation items to senior team members in line with established governance processes
- Contribute to continuous improvement of governance tracking, reporting accuracy, and security control monitoring processes
The Person
To be effective in this role, the individual must have:
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, Engineering, or a related discipline
- 2–4 years of professional experience in information security, cloud security, IT risk, governance, compliance, or security operations-related roles
- 1–2 years of experience working with cloud environments (AWS, Azure, or Google Cloud) from a security, governance, operational risk, or compliance perspective
- Experience supporting governance, risk tracking, remediation coordination, or control monitoring activities in an enterprise technology environment
- Familiarity with security assurance, audit support, or compliance-related activities
- Basic to good understanding of cloud security risks and governance practices across platforms such as Azure, AWS, or Google Cloud
- Familiarity with secure software development practices and common code security risks
- Exposure to vulnerability management and security posture monitoring tools
- Awareness of software supply chain risks including vulnerable dependencies, container image vulnerabilities, and secrets exposure
- Experience coordinating actions across technical teams and following up on remediation activities
- Ability to review security findings and organise them into clear, actionable tracking and reporting outputs
- Strong attention to detail in risk tracking, issue management, and governance documentation
- Familiarity with enterprise security frameworks and control-based compliance approaches
- Good communication and stakeholder engagement skills when working across engineering, development, and security teams
- Ability to work in a structured, process-driven environment with multiple stakeholders and competing priorities