AWS Service Adoption Risk Consultant

Overview

Infinitive is a data & AI consultancy that enables global brands to deliver results through insights, innovation, and efficiency. We possess deep industry and technology expertise to drive and sustain adoption of new capabilities. We match our people and personalities to our clients' culture while bringing the right mix of talent and skills to enable high return on investment. Infinitive has been named “Best Small Firms to Work For” by Consulting Magazine eight times, and has also been named a Washington Post Top Workplace, Washington Business Journal Best Places to Work, and Virginia Business Best Places to Work.

About The Role

We are seeking a Cloud & AWS Service Adoption Risk Consultant to support clients in evaluating the security, compliance, operational, and business risks associated with onboarding and scaling new cloud and SaaS services. In this role, you will leverage hands-on AWS experience to assess inherent risk, analyze controls, identify gaps, and produce clear, well-reasoned recommendations. This role requires technical literacy across the AWS ecosystem, risk/control evaluation, structured thinking, and strong documentation skills.

Key Responsibilities

AWS & Technical Expertise

• Practical AWS Assessment:
  Leverage hands-on experience with AWS services (IAM, EC2, S3, VPC, Lambda, Cloud Trail, KMS) to evaluate the security posture of proposed cloud architectures
• Service Risk Evaluation:
  Understand the inherent risks associated with specific AWS service types and SaaS integrations (API-driven workflows, cross-account roles, data residency)
• Configuration Analysis:
  Identify misconfigurations within AWS environments and explain how they deviate from the AWS Well-Architected Framework or introduce enterprise risk
• Security-by-Design:
  Apply secure-by-design principles and control frameworks to new cloud services to ensure they are resilient and compliant before deployment

Risk & Governance

• Develop or refine cloud/SaaS adoption frameworks, risk scoring models, and tiering methodologies specifically for AWS environments
• Ensure adoption decisions align with enterprise policies (e.g., authentication standards, encryption requirements, data retention)
• Partner with Enterprise Architecture to confirm alignment with security patterns and AWS-specific integration standards

Stakeholder Engagement

• Facilitate risk review meetings across Info Sec, Legal, Procurement, Privacy, and Architecture
• Translate complex AWS technical findings into clear business impact and decision options for non-technical stakeholders

Required Qualifications

• 4+ years of experience in cloud security, third-party risk, SaaS vendor evaluations, or cybersecurity consulting
• Hands-on
  
  Experience:
  
  Direct experience configuring, managing, or auditing AWS services (e.g., managing IAM policies, S3 bucket permissions, or VPC security groups)
• AWS Certification:
  Must hold at least one active AWS Certification (e.g., AWS Certified Solutions Architect – Associate or AWS Certified Security – Specialty)
• Documentation Literacy:
  Experience reviewing vendor security documentation (SOC reports, CAIQ/CSA, ISO 27001, FedRAMP packages) and mapping them to cloud controls
• Communication:
  Strong stakeholder facilitation skills—able to synthesize and present risk recommendations clearly to leadership

Preferred Qualifications

• Experience working within regulated industries (Financial Services, Healthcare, or Public Sector)
• Advanced understanding of frameworks such as NIST CSF, ISO 27001, SOC, or CSA CCM/STAR
• Additional certifications such as CCSK, CCSP, CISA, or CRISC
• Prior consulting experience or experience with Infrastructure as Code (IaC) risk reviews (e.g., Terraform or Cloud Formation templates)