Manager - Cloud Compliances

Job Purpose

The Sovereign Cloud Compliance Manager is responsible for designing, implementing, and monitoring the regulatory compliance framework for sovereign cloud solutions across multiple jurisdictions. This role ensures that data hosting, processing, and operational access meet national, regional, and sector-specific data sovereignty requirements (e.g., EU & US wide regulations, India's DPDP Act). You will bridge the gap between technical infrastructure teams and legal requirements to ensure data remains secure, local, and compliant.

Key Responsibilities

Regulatory Mapping & Strategy:

Interpret complex, evolving international data privacy laws (GDPR, DORA, NIS2, US CLOUD Act) and translate them into actionable, technical security controls for sovereign environments. Compliance-by-Design:

Work with engineering and product teams to integrate security and compliance requirements into the cloud architecture lifecycle, ensuring data residency, metadata control, and access restrictions are met. Audit & Certification Management:

Own the preparation and execution of internal and external audits, including ISO 27001, SOC2, SecNumCloud, BSI-C5, or regional equivalents (e.g., IRAP, SAMA). Vendor & Operational Due Diligence:

Evaluate third-party providers and internal operational teams to ensure they adhere to local citizenship, security clearance, and residency requirements. Continuous Monitoring & Risk Mitigation:

Implement, document, and manage CAPA (Corrective and Preventive Actions) remediation plans for vulnerabilities and non-compliance findings. Data Sovereignty Governance:

Maintain a register of data flows, ensuring all data, metadata, and logs remain within authorized national boundaries. Stakeholder Liaison:

Act as the primary interface between legal, technical teams, risk management, and regulatory authorities.

Required Skills & Qualifications

Experience:

15+ years of experience in IT security, risk management, or compliance, with at least 4-5 years focused on cloud compliances. Sovereign Cloud Knowledge:

Deep understanding of sovereign cloud principles: Data Sovereignty, Operational Sovereignty, and Technology Sovereignty. Regulatory Knowledge:

Proficiency in regulatory and specific national data localization laws Technical Familiarity:

Knowledge of key cloud concepts: Bring-Your-Own-Key (BYOK), zero-trust architecture, and encryption methods. Certifications:

At least one of the following is required: CISSP, CISM, CISA, CRISC Analytical Skills:

Ability to analyze large volumes of technical data and identify key compliance themes.

Preferred Qualifications

Background in technical engineering with specialization in Law/Compliances will be preferred Experience with hybrid cloud and Multi Cloud Platform strategies.