Job Title:
AVP - Cloud and Digital Security
Department:
Information Security Group (ISG)
Reports To:
VP - Head of Cloud and Digital Security
Type: REMOTE
Duration: 3 months, possibility to extend.
Job Purpose:
We are looking for a highly skilled and experienced Senior Cloud Security Architect to lead initiatives in Cloud Security Architecture and Governance. This strategic role is part of the Second Line of Defense (LOD-2) and is crucial in designing, implementing, and governing secure, compliant, and resilient cloud environments across the organization.
The ideal candidate combines deep technical expertise with strategic foresight and leadership, ensuring that our cloud platforms align with security best practices, regulatory frameworks, and business goals. This role requires extensive collaboration across IT, risk management, compliance, and business units to maintain strong cloud security governance and drive organizational resilience in a multi-cloud environment.
Key Responsibilities:
- Design and implement secure architectures across multi-cloud platforms (AWS, Azure, GCP).
- Integrate and assess cloud-native security controls for critical asset protection.
- Guide secure application and infrastructure development in cloud environments.
- Conduct threat modeling, cloud risk assessments, and vulnerability analysis.
- Collaborate with DevOps teams to secure CI/CD pipelines and encourage secure coding.
- Develop cloud security policies, standards, and frameworks (ISO 27001, NIST, CSA CCM).
- Establish governance mechanisms to monitor and enforce cloud security compliance.
- Evaluate and integrate cloud compliance automation tools (e.g., GDPR, HIPAA, PCI-DSS).
- Conduct regular audits and assessments to identify gaps and drive improvements.
- Act as a primary liaison for cloud security governance internally and externally.
- Define a strategic roadmap for cloud security in alignment with business objectives.
- Lead initiatives to promote a security-first culture within the cloud ecosystem.
- Track emerging threats, trends, and tools; recommend and implement improvements.
- Provide executive-level reporting on cloud security posture and risk mitigation.
- Mentor junior staff and promote a culture of continuous learning and excellence.
Qualifications:
- Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Security, or related fields.
- Experience: 12-15 years in IT and Cybersecurity, with at least 8+ years in Cloud Security Architecture and Governance.
- Industry: Prior experience in banking or financial services is preferred.
Decision Making Authority & Strategic Responsibilities:
- Strategic Planning: Lead PoCs and strategic innovation to enhance cloud security posture.
- Security Metrics Oversight: Track and analyze cloud governance metrics; ensure alignment with response protocols.
- Policy Development: Drive updates to cloud security policies to meet evolving regulatory and organizational needs.
- Leadership & Collaboration: Work closely with executive leadership, vendors, and cross-functional teams.
Skills and Experience:
Technical Expertise:
- Strong knowledge of CNAPP, SSPM, KSPM, and SASE solutions.
- Hands-on experience with IaC tools (Terraform, CloudFormation).
- Deep understanding of regulatory frameworks: ISO 27001, NIST, CSA, PCI-DSS, HIPAA, GDPR.
- Experience with security-focused DevOps tools: Jenkins, GitLab CI, Docker, Kubernetes.
- Scripting and automation proficiency (Python, Terraform, ARM templates).
- Expertise in container security and orchestration (Docker, Kubernetes).
Leadership & Soft Skills:
- Strong analytical and problem-solving abilities in complex cloud environments.
- Excellent communication and presentation skills for technical and non-technical audiences.
- Proven ability to align security efforts with business objectives and demonstrate ROI.
Certifications (Preferred):
- Cloud Security: AWS Certified Security - Specialty, Azure Security Engineer Associate, Google Cloud Security Engineer.
- Governance/Risk: CISM, CRISC.
- General Security: CISSP, CCSP.
- DevOps: Certified Kubernetes Administrator (CKA), DevSecOps Practitioner.
What We Offer:
- Competitive salary with a comprehensive benefits package.
- Opportunities for leadership development and career advancement.
- Access to cutting-edge technologies and resources in cybersecurity.
- Collaborative, inclusive, and innovation-driven work culture.
- Professional development support, including certifications.
- High-impact role in shaping the cloud security posture of a major organization.