AVP – Cloud and Digital Security

Job Purpose

We are seeking a highly skilled and experienced Senior Cloud Security Architect who will also primarily contribute in Cloud Security Governance initiatives. The ideal candidate will possess a strong blend of technical expertise, strategic thinking, and leadership capabilities to design, implement, and govern secure cloud environments aligned with organizational objectives. As a key member of the second line of defense (LOD-2), This person will ensure robust cloud security policies, frameworks, and best practices are implemented across the organization. This person will collaborate with cross-functional teams, including Technology, compliance, risk management, and business units, to drive security governance while aligning with regulatory and business requirements.

Key Responsibilities

Design and implement secure cloud architectures across multi-cloud environments (e.g., AWS, Azure, GCP).
Assess and integrate cloud-native security controls and technologies, ensuring optimal protection for critical assets.
Provide expert guidance on secure application and infrastructure development in the cloud.
Conduct cloud threat modeling, risk assessments, and vulnerability assessments to identify and mitigate risks.
Collaborate with DevOps teams to ensure secure CI/CD pipelines and promote secure coding practices.
Develop and maintain cloud security policies, standards, and frameworks aligned with industry standards (e.g., ISO 27001, NIST, CSA CCM).
Establish governance processes to monitor and enforce compliance with cloud security policies.
Evaluate and implement cloud compliance automation tools to ensure adherence to regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS).
Conduct regular cloud security audits and assessments to identify gaps and drive continuous improvement.
Act as the primary liaison for cloud security governance with internal and external stakeholders.
Define the strategic roadmap for cloud security and governance, aligning with organizational goals.
Lead cross-functional teams to build a security-first culture within the cloud ecosystem.
Stay updated with emerging cloud security trends, threats, and technologies, recommending proactive measures.
Provide executive-level reporting on cloud security posture, risks, and mitigation strategies.
Mentor and guide junior team members, fostering a culture of continuous learning and improvement.

Qualifications

Bachelor’s or master’s degree in computer science, Information Security, Cybersecurity, or a related discipline.
12-15 years of hands-on experience in IT and cybersecurity, with at least 8+ years in cloud security architecture and governance.

Decision Making Authority & Responsibility

Strategic Planning and Innovation: Lead strategic planning and innovation in security solutions and technologies, including evaluations and Proof of Concept (PoC) activities related to Cloud security posture enhancement.
Security Metrics and Oversight: Monitor and analyze key security metrics related to Cloud security governance to ensure effective management and alignment with cloud security alerts and event monitoring and response standards.
Policy and Strategy Development: Guide the development and refinement of cloud security policies, procedures and guidelines to ensure alignment with regulatory requirements and organizational goals.
High-Level Collaboration and Leadership: Collaborate with senior management, vendor personnel, and other teams to achieve cloud security objectives and drive strategic initiatives.

Experience, Skills and Certifications

Total experience in Cybersecurity 12-15 years.
Experience in cloud security 6-8 Years
Experience in the banking or financial services industry.
Experience implementing security governance frameworks and managing cloud compliance programs
Proven experience in leading and influencing diverse technical and non-technical teams.
Proven experience in DevSecOps, automation, and continuous integration/deployment (CI/CD) security practices.
Strong experience with programming/scripting languages (e.g., Python, Terraform, ARM) for automation and security integration.
Knowledge of container security and orchestration (e.g., Docker, Kubernetes).
Proficiency in Information security concepts
Strong understanding of cloud security tools CNAPP, SSPM, KSPM, SASE).
Hands-on experience with infrastructure-as-code (IaC) tools (e.g., Terraform, CloudFormation) and security of IaaC.
In-depth knowledge of industry standards and regulations (PCI-DSS, ISO 27001, NIST, CSA, GDPR, HIPAA, etc.).
Strong understanding of risk management and mitigation strategies for cloud environments.
Strong problem-solving and analytical skills in cloud environment.
Excellent communication skills for interacting with development and operations teams and presenting findings to senior management.
Familiarity with security-focused DevOps tools (e.g., Jenkins, GitLab CI, Docker, Kubernetes).
Ability to align security initiatives with business objectives and articulate ROI of security investments
Cloud-specific: AWS Certified Security Specialist, Azure Security Engineer Associate, Google Professional Cloud Security Engineer.
Governance and risk: CISM, CRISC.
Security: CISSP, CCSP.
DevOps: Certified Kubernetes Administrator (CKA), DevSecOps Practitioner.