The Cloud Cloud Chief Information Security Officer (CISO) Public Sector team is part of the CISO Risk and Compliance organization. The Risk and Compliance team supports Google Cloud by managing risks, ensuring accountability, defining and enforcing compliance standards, monitoring controls, and collaborating with stakeholders to meet evolving security, privacy and compliance requirements.
The Cloud CISO team ensures government and regulated industries can confidently use Google Cloud for workloads with strict security and residency requirements.
As the Security and Compliance Lead, you will bridge the gap between complex hyperscale cloud development and Government of Canada security frameworks and control profiles.
In this role, you will be responsible for the end-to-end accreditation package, ensuring that Google Cloud infrastructure meets the statutory requirements of the Government of Canada. You will work horizontally across product teams to translate technical reality into compliance authority, negotiating directly with government authorizing officials to enable the delivery of critical services.
Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.
The Canada base salary range for this full-time position is CAD 194,000-199,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
Please note that the compensation details listed in Canada role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.
Responsibilities
- Ensure in-scope Google Cloud information systems meet government of Canada requirements to obtain and maintain Authorization to Operate (ATO).
- Own the comprehensive security assessment and authorization (SA&A) lifecycle, including the security requirements traceability matrix (SRTM) system security plan (SSP), security assessment reports (SAR) and any other documentation required to maintain ongoing security authorization.
- Manage the plan of action and milestones (POA&M) to track and remediate vulnerabilities identified during the security assessment process.
- Lead initiatives to leverage Artificial Intelligence (AI) and automation to scale the security assessment and authorization (SA&A) process, identify opportunities to reduce operational toil in evidence collection and control mapping.
Qualifications
Minimum qualifications:
- Bachelor's degree in Computer Science, Information Security, or equivalent practical experience.
- 8 years of experience in security development, risk management, or compliance.
- Experience managing Security Assessment and Authorization (SA&A) lifecycles for the government of Canada systems.
- Active, or the ability to obtain, a Top Secret security clearance.
Preferred qualifications:
- Certifications such as CISSP, CCSP, CISM, or CAP.
- Experience in ITSG-33 security control profiles and Treasury Board (TBS) policy instruments.
- Experience identifying and managing risks with government assessment and authorization experts, business owners, or lead security agencies.
- Ability to author system security plans (SSP) and security requirements check lists (SRCL).
- Excellent communication skills with the ability to translate complex technical concepts into policy-compliant language for executive stakeholders.