Data Centre Security Compliance Public Sector Specialist

About The Position

Requirements

• 3-6 years working in Security Compliance, Information Security, or Risk Management.
• Deep familiarity with all NIST 800-53 control families and FedRAMP requirements
• Ability to work closely with auditors and articulate technical concepts
• Experience in auditing of network, operating system, and application security
• Proven experience managing an audit throughout the full audit lifecycle (from readiness to final report)
• Familiarity with additional security standards and frameworks such as ISO 27000, SOC 2, PCI DSS, ISMAP and IRAP.
• Ability to work cross-functionally with internal stakeholders and strong communications skills
• High tolerance for ambiguity and ability to work efficiently and independently in a fast-paced, high-volume environment
• Some travel may be required to engage with regulators and auditors
• Certifications: CISSP, CIPP, CIPM, CIPT, CISA, or CRISC.
• A relevant professional experience working with technology partners, alliances, or third-party vendors, ideally in the following disciplines: Data center Security Compliance, Access Management, audit administration at a leading high-tech company; offering management
• Technical skills including the ability to understand (1) product roadmaps; (2) market trends and factors; and (3) complex partner requirements.
• Strong technical proficiency with spreadsheet software (Excel/Google Sheets) including pivot tables and VLOOKUPs for data reconciliation.
• Organized & Disciplined, with a strong focus on driving outcomes

Nice To Haves

• Prior experience with Data Centre Security Compliance disciplines and audit programs and past history working at a hyperscaler or high-growth tech company.
• Superb organizational skills and demonstrated history managing complex processes including audit cycles, Facts gathering and analytical skills.

Responsibilities

• Public Sector & Compliance Governance
• Serve as the Subject Matter Expert (SME) on NIST 800-53 control families and FedRAMP requirements.
• Manage Cloudflare’s continuous monitoring program, inclusive of annual assessments and significant change requests.
• Collect, validate, and organize FedRAMP evidence and artifacts to present to auditors, FedRAMP customers, and the FedRAMP PMO.
• Help guide our overall security policy and governance architecture to ensure alignment with evolving government regulations.
• Audit Lifecycle Management
• Orchestrate end-to-end audit activities for standards such as PCI, SOC2, ISO, NIST, and FedRAMP.
• Coordinate with auditors to manage data center access, compliance certificate collection, and evidence defense.
• Work cross-functionally with Engineering, Legal, Product, and Operational teams to maintain management and technical controls.
• Support compliance and regulatory projects, including implementation of new legislation / regulation.
• Identity & Access Management (IAM) Operations
• Execute monthly Periodic Access Reviews (PARs): Compare portal user lists against ACLs to ensure least-privilege access is maintained across all data centers.
• Manage the lifecycle of portal access: Auditing access, provisioning/deprovisioning users, and maintaining accurate documentation.
• Oversee physical access requests to data centers and ensure strict adherence to security policies.
• Drive the resolution of daily DCSC Jira tickets for portal access, physical access, audits, and site decommissioning.
• Automate and streamline access review processes where possible, utilizing standard communication templates to site managers.
• Partner Relations & Reporting
• Own, influence, and orchestrate relationships within the partner Offering teams that can help drive Cloudflare offerings and strategic positioning.
• Monitor and implement changes to individual accountability regime requirements (such as UK, Ireland, Singapore and Australia).
• Maintain centralized documentation, databases, dashboards, and reporting mechanisms to track compliance health.