Job Purpose
We are seeking a highly skilled and experienced Senior Cloud Security Architect who will also contribute primarily to Cloud Security Governance initiatives. The ideal candidate will possess a strong blend of technical expertise, strategic thinking, and leadership capabilities to design, implement, and govern secure cloud environments aligned with organizational objectives. As a key member of the second line of defense (LOD-2), this person will ensure that robust cloud security policies, frameworks, and best practices are implemented across the organization. This person will collaborate with cross-functional teams, including technology, compliance, risk management, and business units, to drive security governance while aligning with regulatory and business requirements.
Key Result Areas
- Design and implement secure cloud architectures across multi-cloud environments (e.g., AWS, Azure, GCP).
- Assess and integrate cloud-native security controls and technologies, ensuring optimal protection for critical assets.
- Provide expert guidance on secure application and infrastructure development in the cloud.
- Conduct cloud threat modeling, risk assessments, and vulnerability assessments to identify and mitigate risks.
- Collaborate with DevOps teams to ensure secure CI/CD pipelines and promote secure coding practices.
- Develop and maintain cloud security policies, standards, and frameworks aligned with industry standards (e.g., ISO 27001, NIST, CSA CCM).
- Establish governance processes to monitor and enforce compliance with cloud security policies.
- Evaluate and implement cloud compliance automation tools to ensure adherence to regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS).
- Conduct regular cloud security audits and assessments to identify gaps and drive continuous improvement.
- Act as the primary liaison for cloud security governance with internal and external stakeholders.
- Define the strategic roadmap for cloud security and governance, aligning with organizational goals.
- Lead cross-functional teams to build a security-first culture within the cloud ecosystem.
- Stay updated with emerging cloud security trends, threats, and technologies, recommending proactive measures.
- Provide executive-level reporting on cloud security posture, risks, and mitigation strategies.
- Mentor and guide junior team members, fostering a culture of continuous learning and improvement.
Knowledge, Skills and Experience
Experience:
- Total experience in cybersecurity: 12-15 years.
- Experience in cloud security: 6-8 years.
- Experience in the banking or financial services industry.
- Experience implementing security governance frameworks and managing cloud compliance programs.
- Proven experience in leading and influencing diverse technical and non-technical teams.
- Proven experience in DevSecOps, automation, and continuous integration/deployment (CI/CD) security practices.
- Strong experience with programming/scripting languages (e.g., Python, Terraform, ARM) for automation and security integration.
- Knowledge of container security and orchestration (e.g., Docker, Kubernetes).
- Proficiency in information security concepts.
Skills:
- Strong understanding of cloud security tools (CNAPP, SSPM, KSPM, SASE).
- Hands-on experience with infrastructure-as-code (IaC) tools (e.g., Terraform, CloudFormation) and security of IaC.
- In-depth knowledge of industry standards and regulations (PCI-DSS, ISO 27001, NIST, CSA, GDPR, HIPAA, etc.).
- Strong understanding of risk management and mitigation strategies for cloud environments.
- Strong problem-solving and analytical skills in cloud environments.
- Excellent communication skills for interacting with development and operations teams and presenting findings to senior management.
- Familiarity with security-focused DevOps tools (e.g., Jenkins, GitLab CI, Docker, Kubernetes).
- Ability to align security initiatives with business objectives and articulate the ROI of security investments.
Certifications:
- Cloud-specific: AWS Certified Security Specialist, Azure Security Engineer Associate, Google Professional Cloud Security Engineer.
- Governance and risk: CISM, CRISC.
- Security: CISSP, CCSP.
- DevOps: Certified Kubernetes Administrator (CKA), DevSecOps Practitioner.