Cloud Governance & Regulatory Compliance Engineer
CR1 - 700 District, United States
Full Time USD 70K - 115K
State Street
State Street provides investment servicing, investment management, investment research and trading services to institutional investors worldwide.
Who We Are Looking For
State Street Alpha is seeking a mid-level cloud compliance architect to ensure that cloud security, operations, IAM, and infrastructure designs meet regulatory and compliance requirements. This role sits within the Operational Governance and Compliance (OGC) team under CRD/Alpha Cloud Enablement and Platform Governance, focusing on cloud operations, cloud security posture, governance automation, and regulatory alignment across Azure and AWS environments.
This is an excellent opportunity to work at the intersection of cloud architecture, regulatory compliance, and governance automation, ensuring that CRD/Alpha's cloud-first strategy remains compliant with industry and global regulations.
Why This Role is Important
As part of Charles River Development (CRD) / State Street Alpha, this role will help define and implement cloud-native governance frameworks that meet compliance mandates from regulatory bodies. The role will assist team members in driving reusable architecture patterns and governance automation to ensure secure, compliant, and scalable cloud adoption in a highly regulated financial services environment.
What You Will Be Responsible For
Cloud Governance & Regulatory Compliance Oversight
· Ensure cloud governance frameworks align with financial regulatory requirements.
· Provide governance oversight on all operational activities and projects, ensuring compliance with regulatory and operational governance standards.
· Document governance frameworks and controls to support regulatory audits and assessments.
· Interface with internal audit and Office of COO Project Managers to help provide compliance evidence and documentation for all cloud operational activities.
Governance Automation & Compliance Controls
· Develop and implement governance automation solutions to enforce compliance at scale.
· Support continuous monitoring frameworks to proactively detect non-compliance in cloud deployments.
Cloud Security Posture and Vulnerability Management
· Conduct periodic compliance assessments on cloud security posture across Azure and AWS.
· Provide governance oversight of Vulnerability Management by interfacing with SRE-VM (Site Reliability Engineering – Vulnerability Management) and BRM (Business Risk Management) teams.
· Periodically review and assess container vulnerability reports for any compliance violations with a call to action where necessary.
What We Value
- Knowledge of cloud and platform governance, compliance, and regulatory frameworks such as (but not limited to) NIST, CIS, SOC-2, DORA, GDPR, CCPA.
- Ability to align cloud security and operations strategies with financial services regulations.
- Hands-on experience with Azure and AWS governance and compliance tools (e.g., Azure Policy, AWS Config, Terraform).
- Knowledge of financial services industry regulations impacting cloud adoption and platform architecture.
- Experienced in using Risk Management Framework tools such as Archer for issues and controls management.
- Ability to develop reusable patterns and templates for compliant cloud architecture.
- Strong communication skills and ability to conduct meetings with cross-functional teams involving Information Security Officers, Platform Engineers, Compliance teams, and Business Risk Managers in addition to product engineers and heads.
- Strong technical writing and documentation skills for regulatory frameworks and audit reporting.
Salary Range:
$70,000 - $115,000 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
Job Application Disclosure:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.