IND - Lead Engineer, Infrastructure

This is a technical position that requires 5+ years of industry experience, along with an engineering mindset to analyze and identify governance, risk, and compliance (GRC) gaps and build maintainable standards and solutions. At The Hartford, our AWS and GCP cloud presence is rapidly expanding, and you will have a direct impact on shaping the GRC standards across our multi-cloud portfolio.  

You will have the opportunity to design, build, and innovate GRC-related solutions that enhance enterprise cloud computing while strengthening security and compliance. The ideal candidate is passionate about engineering, whether it involves identifying simple solutions or solving complex problems to support our enterprise adoption of AWS and GCP services. This role is responsible for administrating, managing, and optimizing resource usage, costs, and adoption across both AWS and GCP at the enterprise level.   

Responsibilities:  

• Contribute as a subject matter expert to the development, implementation, and maintenance of Cloud GRC procedures and frameworks across AWS and GCP environment. 

• Actively engineer and implement compliance and security controls to enable internal developers to succeed with AWS and GCP cloud products. 

• Collaborate with engineering, product, and other business units to ensure regulatory control requirements are translated into understandable language that is informed by the organization’s current security practices and standards. 

• Partner with Security, Business application owners, IT Infrastructure, IT application owners and IT architecture to ensure controls are operating effectively and informing on decision making to minimize risk. 

• Identify, engineer, and support automation to facilitate compliance with Governance Risk and Compliance (GRC) requirements for both preventative and detective controls including but not limited to reviewing Infrastructure as code. 

• Incorporate governance, risk, and security controls into new cloud services and offerings by engaging in planning and change review processes. 

• Integrate AI governance principles into Cloud GRC frameworks to ensure responsible and compliant use of AI services in AWS and GCP. 

• Integrate Governance Risk and Compliance (GRC) toolsets into enterprise capabilities including Continuous Integration and Continuous Deployment pipelines, IT Service Management tooling, and Data Warehouse Platforms.   

• Support teams in creating and implementing remediation plans to resolve compliance gaps across cloud environments. 

• Develop and sustain procedures that integrate audit and compliance activities into routine operations to ensure continuous readiness. 

• Lead the planning and execution of third-party risk assessments and audits to ensure compliance with enterprise GRC standards. 

• Deliver transparency through actionable scorecards and relevant operational metrics and KPIs to communicate compliance and risk status. 

Qualifications:  

• Bachelor's Degree in Computer Science, Engineering or related degree and 5+ years of cloud account administration, compliance and security experience in AWS and/or GCP. 

• Hands-on expertise in systems, software, or IT administration, including responsibility for evaluating, identifying and implementing technical security controls in cloud environments. 

• Strong knowledge of identity and access management in AWS and/or GCP, including best practices for roles, policies, and permission boundaries. 

• Skilled in implementing risk and control frameworks and driving process improvements to support governance objectives. 

• Proven ability to support and execute internal and external audit processes, addressing findings and maintaining compliance. 

• Experience with Cloud Security standards and frameworks including NIST, CIS, Cloud provider specific best practices etc.  

• Understanding of Configuration Management process, goals, and practices for cloud resources.  

• Proficiency in AWS & GCP security and governance services and Cloud Security Posture Management (CSPM) tools, with the ability to monitor, assess, and remediate compliance risks across AWS and GCP environments. Key services include but are not limited to IAM, ControlTower, CloudTrail, KMS. 

• Experience with enterprise log aggregation, search, alerting, and monitoring tools such as Splunk.  

• Familiarity with foundational  IT concepts and their implementation in a hybrid cloud environment, including networking, encryption, logging, monitoring, etc.  

• Working experience with Continuous Integration and Continuous Deployment concepts, inclusive of source code management, automated build and deployment through pipelines, artifact management, security scanning, and best practices for leveraging Infrastructure as Code (IaC).  

• Proficiency in, creating, reviewing, and implementing best practices for leveraging Infrastructure as Code in various languages including but not limited Python, Powershell, CloudFormation (AWS), Terraform (AWS & GCP Providers) etc. 

• Strong written and verbal communication skills.