Cloud Security & Governance Consulting

Job Title: Cloud Security & Governance Consulting

Location: Remote

Duration: 6-month contract to start, ideally C2H

Environment Overview

• Currently a lean team (2 resources) supporting the environment
• Organization is maturing its security posture, with new tools and capabilities being introduced that will need ongoing integration and alignment

Current / Target Security Stack

• Primary focus on Microsoft ecosystem:
• Defender (actively transitioning away from Arctic Wolf)
• Entra ID for identity security and governance
• Azure Policy as a key control mechanism across the environment
• Nice-to-have / supplemental tools:
• Zscaler

Key Focus Areas

• Security standardization and integration as new tools are introduced
• Identity governance and access control (Entra ID)
• Cloud governance and compliance enforcement (Azure Policy)
• SOC 2 readiness and overall audit/compliance maturity

2 people in the Cloud Sec team + a VCISO

Hard Requirements

• Azure Policies
• EntraID, Defender, Zscaler is a plus
• SOC 2 readiness

D2D:

• Policy management and controls within their Cyber Products
• Building Policy Docs
• Audit readiness and framework strengthening

Primary Purpose:
We are looking for Cloud Security & Governance consulting support to help strengthen Azure security, governance, and compliance readiness as more workloads move into Azure.

This resource or partner engagement should help ensure the environment remains secure, governed, audit-ready, and aligned to cloud best practices as migration and modernization continue.

Key Responsibilities:

• Assist with Azure Policy design, review, and implementation
• Support Defender for Cloud rollout and recommendation review
• Review Entra access, privileged roles, and identity governance controls
• Support secure configuration review across Azure subscriptions
• Assist with logging, monitoring, and security visibility standards
• Support compliance evidence gathering and audit readiness
• Help establish post-migration security validation process
• Identify security gaps and prioritize remediation recommendations
• Support governance model for subscriptions, tagging, access, and policy enforcement
• Provide recommendations for scalable cloud security operations

Required Skills:

• Azure security and governance experience
• Defender for Cloud experience
• Azure Policy experience
• Entra ID security and access governance experience
• Cloud logging, monitoring, and security baseline experience
• Experience with secure configuration reviews
• Experience supporting compliance or audit readiness
• Ability to provide clear remediation recommendations and documentation

Preferred Skills:

• SOC 2 readiness experience
• Healthcare, PBM, or regulated industry experience
• Zscaler or zero-trust access experience
• Microsoft Sentinel exposure
• Experience building cloud governance frameworks