About the job

As a part of the CISO Risk and Compliance organization, the Cloud CISO Public Sector team supports Google Cloud by managing risks, ensuring accountability, defining and enforcing compliance standards, monitoring controls, and collaborating with stakeholders to meet evolving security, privacy and compliance requirements.

In this role, you will provide the mandatory separation of duties ensuring that our security controls are not just designed correctly, but are operating effectively in practice. You will sit at the intersection of engineering and compliance, validating technical controls through rigorous testing and evidence gathering. You will be the primary defender of our compliance posture during external audits, translating engineering data into audit-proof evidence. Your vigilance in monitoring for insider threats and maintaining audit readiness is key to sustaining our trusted status with government customers.

Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

The Canada base salary range for this full-time position is CAD 162,000-166,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

Please note that the compensation details listed in Canada role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.

Responsibilities

• Execute walkthroughs and sampling of security controls to validate operating effectiveness, providing security control assessment and validation separate from the engineering build team.

• Maintain an audit-ready evidence repository and lead the response to external government assessments.

• Sustain authorization posture through continuous monitoring, annual assessments, and change management processes aligned with government requirements.

• Manage remediation plans and track the resolution of control deficiencies.

• Perform Control Operating Effectiveness testing aligned with IT Audit methodologies (e.g., ISO 27001, SOC 2) applied to Government of Canada frameworks.

Minimum qualifications

• Bachelor's degree in Information Systems, Accounting, Business, or equivalent practical experience.

• 8 years of experience in IT Audit, Compliance, or Risk Management.

• Experience performing Security Control Assessment and Control Operating Effectiveness testing.

• Ability to obtain a Top Secret security clearance.

Preferred qualifications

• Certifications such as CISA, CCSP, CISSP, or CIA.

• Experience with IT Audit methodologies (e.g., ISO 27001, SOC 2, CSA STAR).

• Experience managing Remediation Plans or Plan of Action and Milestones (PoA&M) tracking.

• Familiarity with Insider Threat indicators and physical access log reviews.

• Knowledge of Government of Canada regulatory instruments, with the ability to operationalize TBS policies and directives related to security, privacy, and information management.