Cloud Security Compliance Specialist - Data Governance & Auditing
Cloud Security Compliance Specialist - Data Governance & Auditing
š¢ ABOUT THE COMPANY
Spotify was founded in 2006 by Daniel Ek and Martin Lorentzon, with a mission to unlock the potential of human creativity by giving artists the opportunity to share their talent with audiences around the world. Today, Spotify is one of the largest music streaming services globally, with over 400 million monthly active users. Our company culture is built on a foundation of collaboration, experimentation, and a commitment to innovation. We're a company that's always looking for ways to improve and innovate, and we're proud of our achievements in making music more accessible to everyone.
šÆ ROLE OVERVIEW
As a Cloud Security Compliance Specialist, you will be responsible for ensuring the security and compliance of Spotify's cloud infrastructure and data governance practices. You will work closely with our DevOps and Security teams to implement and maintain cloud security controls, conduct compliance assessments, and develop policies to ensure our data is secure and compliant with regulatory requirements. You will report directly to the Cloud Security Manager and will have the opportunity to make a significant impact on the security and compliance of our cloud infrastructure.
š KEY RESPONSIBILITIES
- Develop and maintain cloud security policies and procedures to ensure compliance with regulatory requirements.
- Conduct regular compliance assessments of our cloud infrastructure to identify vulnerabilities and areas for improvement.
- Work closely with our DevOps team to implement cloud security controls and ensure proper configuration and deployment of security features.
- Conduct security training and awareness programs for Spotify employees to ensure they understand our cloud security policies and procedures.
- Collaborate with our Security team to develop incident response plans and conduct regular security audits.
- Develop and maintain relationships with cloud vendors and service providers to ensure compliance with our cloud security policies and procedures.
- Collaborate with our Compliance team to ensure compliance with regulatory requirements and develop policies to ensure our data is secure.
- Develop and maintain documentation on our cloud security policies and procedures.
- Conduct risk assessments and develop mitigation plans to address identified security risks.
- Stay up-to-date with the latest cloud security trends and technologies and recommend improvements to our cloud security infrastructure.
- Collaborate with our Product teams to ensure our products are designed with security and compliance in mind.
- Conduct regular security reviews and assessments of our cloud infrastructure and applications.
- Develop and maintain a cloud security strategy that aligns with Spotify's overall business goals and objectives.
- Collaborate with our IT teams to ensure our cloud infrastructure is properly configured and deployed.
ā REQUIRED QUALIFICATIONS
- Minimum 5 years of experience in cloud security and compliance.
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Strong knowledge of cloud security controls and compliance frameworks (e.g. SOC 2, HIPAA, GDPR).
- Experience with cloud security tools and technologies (e.g. AWS CloudFormation, Azure Security Center).
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills.
- Experience with compliance frameworks and regulations (e.g. GDPR, HIPAA).
- Strong knowledge of cloud computing platforms (e.g. AWS, Azure, Google Cloud).
- Ability to work in a fast-paced environment and prioritize multiple tasks and projects.
ā PREFERRED QUALIFICATIONS
- Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) certification.
- Experience with cloud native security frameworks (e.g. Kubernetes, Docker).
- Strong knowledge of cloud security automation tools (e.g. Terraform, Ansible).
- Experience with security orchestration, automation, and response (SOAR) tools.
- Strong knowledge of compliance frameworks and regulations (e.g. PCI-DSS, FISMA).
- Experience with cloud security monitoring and incident response.
š° WHAT WE OFFER
We offer a competitive salary range of ā¬60,000 - ā¬80,000 per year, plus additional benefits including health insurance, a retirement plan, and 30 vacation days per year. We also offer a learning and development budget to support your professional growth and development, as well as a hybrid remote work policy that allows you to work from home or in our offices in Berlin or Munich. Our company culture is built on a foundation of collaboration, experimentation, and a commitment to innovation, and we're proud of our achievements in making music more accessible to everyone.
š„ ABOUT THE TEAM
You will be joining a small but dedicated team of cloud security professionals who are passionate about ensuring the security and compliance of Spotify's cloud infrastructure. As a team, we are collaborative, supportive, and always looking for ways to improve and innovate. We work closely with our DevOps and Security teams to ensure our cloud security policies and procedures are aligned with our overall business goals and objectives. We are a team that values diversity, equity, and inclusion, and we are committed to creating a work environment that is welcoming and inclusive for everyone.
šØ HOW TO APPLY
To apply for this position, please submit your resume and a cover letter explaining why you are a good fit for this role. We look forward to hearing from you! We expect to conduct interviews within the next 2-3 weeks, and we will be in touch with candidates to schedule interviews.
š Job Details
| Job Type | FULL TIME |
| Location | Berlin, DE |
| Address | Unter den Linden 15, 10117 |
| Salary | EUR 60,000 ā 80,000 / year |
| Industry | General |
| Company | Spotify |
| Valid Until | 2026-09-13 |
šØ How to Apply
Submit your updated CV and a brief cover letter to Spotify. Applications are reviewed on a rolling basis. Only shortlisted candidates will be contacted within 2 weeks of applying.