Senior Manager – Cloud Security

We are seeking a highly skilled and experienced Cloud Security Architect who will also primarily contribute in Cloud Security Governance initiatives. The ideal candidate will possess a strong blend of technical expertise, strategic thinking, and leadership capabilities to design, implement, and govern secure cloud environments aligned with organizational objectives .As a key member of the second line of defense (LOD-2), This person will ensure robust cloud security policies, frameworks, and best practices are implemented across the organization. This person will collaborate with cross-functional teams, including Technology, compliance, risk management, and business units, to drive security governance while aligning with regulatory and business requirements.

Key Responsibilities

• Design and implement secure cloud architectures across multi-cloud environments (e.g., AWS, Azure, GCP).
• Assess and integrate cloud-native security controls and technologies, ensuring optimal protection for critical assets.
• Provide expert guidance on secure application and infrastructure development in the cloud.
• Conduct cloud threat modeling, risk assessments, and vulnerability assessments to identify and mitigate risks.
• Collaborate with DevOps teams to ensure secure CI/CD pipelines and promote secure coding practices.
• Develop and maintain cloud security policies, standards, and frameworks aligned with industry standards (e.g., ISO 27001, NIST, CSA CCM).
• Establish governance processes to monitor and enforce compliance with cloud security policies.
• Evaluate and implement cloud compliance automation tools to ensure adherence to regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS).
• Conduct regular cloud security audits and assessments to identify gaps and drive continuous improvement.
• Act as the primary liaison for cloud security governance with internal and external stakeholders
• Define the strategic roadmap for cloud security and governance, aligning with organizational goals.
• Lead cross-functional teams to build a security-first culture within the cloud ecosystem.
• Stay updated with emerging cloud security trends, threats, and technologies, recommending proactive measures.
• Provide executive-level reporting on cloud security posture, risks, and mitigation strategies.

Qualifications

• Bachelor’s or master’s degree in computer science, Information Security, Cybersecurity, or a related discipline.
• 8-10 years of hands-on experience in IT and cybersecurity, with at least 8+ years in cloud security architecture and governance.

Decision Making Authority & Responsibility

• Strategic Planning and Innovation:
• Contributed actively in security solutions and technologies, including evaluations and Proof of Concept (PoC) activities related to Cloud security posture enhancement.
• Security Metrics and Oversight:
• Monitor and analyze key security metrics related to Cloud security governance to ensure effective management and alignment with cloud security alerts and event monitoring and response standards.
• Policy and Strategy Development:
• Develop and refinement of cloud security policies, procedures and guidelines to ensure alignment with regulatory requirements and organizational goals.

Experience, skills and Certifications

Experience:

• Total experience in Cybersecurity 8-10 years.
• Experience in cloud security 4-6 Years
• Experience in the banking or financial services industry.
• Experience implementing security governance frameworks and managing cloud compliance programs
• Proven experience in leading and influencing diverse technical and non-technical teams.
• Proven experience in DevSecOps, automation, and continuous integration/deployment (CI/CD) security practices.
• Strong experience with programming/scripting languages (e.g., Python, Terraform, ARM) for automation and security integration.
• Knowledge of container security and orchestration (e.g., Docker, Kubernetes).
• Proficiency in Information security concepts.

Skills:

• Strong understanding of cloud security tools CNAPP, SSPM, KSPM, SASE).
• Hands-on experience with infrastructure-as-code (IaC) tools (e.g., Terraform, CloudFormation) and security of IaaC.
• In-depth knowledge of industry standards and regulations (PCI-DSS, ISO 27001, NIST, CSA, GDPR, HIPAA, etc.).
• Strong understanding of risk management and mitigation strategies for cloud environments
• Strong problem-solving and analytical skills in cloud environment.
• Excellent communication skills for interacting with development and operations teams and presenting findings to senior management.
• Familiarity with security-focused DevOps tools (e.g., Jenkins, GitLab CI, Docker, Kubernetes).
• Ability to align security initiatives with business objectives and articulate ROI of security investments.

Certifications:

• Cloud-specific: AWS Certified Security Specialist, Azure Security Engineer Associate, Google Professional Cloud Security Engineer.
• Governance and risk: CISM, CRISC.
• Security: CISSP, CCSP.
• DevOps: Certified Kubernetes Administrator (CKA), DevSecOps Practitioner.