AVP Cloud Security

Job PurposeWe are seeking a highly skilled and experienced Senior Cloud Security Architect who will also primarily contribute to Cloud Security Governance initiatives. The ideal candidate will possess a strong blend of technical expertise, strategic thinking, and leadership capabilities to design, implement, and govern secure cloud environments aligned with organizational objectives.As a key member of the second line of defense (LOD-2), This person will ensure robust cloud security policies, frameworks, and best practices are implemented across the organization. This person will collaborate with cross-functional teams, including Technology, compliance, risk management, and business units, to drive security governance while aligning with regulatory and business requirementsKey result Areas- Design and implement secure cloud architectures across multi-cloud environments (e.g., AWS, Azure, GCP). - Assess and integrate cloud-native security controls and technologies, ensuring optimal protection for critical assets. - Provide expert guidance on secure application and infrastructure development in the cloud. - Conduct cloud threat modeling, risk assessments, and vulnerability assessments to identify and mitigate risks. - Collaborate with DevOps teams to ensure secure CI/CD pipelines and promote secure coding practices. - Develop and maintain cloud security policies, standards, and frameworks aligned with industry standards (e.g., ISO 27001, NIST, CSA CCM). - Establish governance processes to monitor and enforce compliance with cloud security policies. - Evaluate and implement cloud compliance automation tools to ensure adherence to regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS). - Conduct regular cloud security audits and assessments to identify gaps and drive continuous improvement. - Act as the primary liaison for cloud security governance with internal and external stakeholders - Define the strategic roadmap for cloud security and governance, aligning with organizational goals. - Lead cross-functional teams to build a security-first culture within the cloud ecosystem. - Stay updated with emerging cloud security trends, threats, and technologies, recommending proactive measures. - Provide executive-level reporting on cloud security posture, risks, and mitigation strategies. - Mentor and guide junior team members, fostering a culture of continuous learning and improvement.Knowledge, Skills and ExperienceExperience:- Total experience in Cybersecurity 12-15 years. - Experience in cloud security 6-8 Years - Experience in the banking or financial services industry. - Experience implementing security governance frameworks and managing cloud compliance programs - Proven experience in leading and influencing diverse technical and non-technical teams. - Proven experience in DevSecOps, automation, and continuous integration/deployment (CI/CD) security practices. - Strong experience with programming/scripting languages (e.g., Python, Terraform, ARM) for automation and security integration. - Knowledge of container security and orchestration (e.g., Docker, Kubernetes). - Proficiency in Information security concepts.Skills:- Strong understanding of cloud security tools CNAPP, SSPM, KSPM, SASE). - Hands-on experience with infrastructure-as-code (IaC) tools (e.g., Terraform, CloudFormation) and security of IaaC. - In-depth knowledge of industry standards and regulations (PCI-DSS, ISO 27001, NIST, CSA, GDPR, HIPAA, etc.). - Strong understanding of risk management and mitigation strategies for cloud environments - Strong problem-solving and analytical skills in cloud environment. - Excellent communication skills for interacting with development and operations teams and presenting findings to senior management. - Familiarity with security-focused DevOps tools (e.g., Jenkins, GitLab CI, Docker, Kubernetes). - Ability to align security initiatives with business objectives and articulate ROI of security investments.Certifications:- Cloud-specific: AWS Certified Security Specialist, Azure Security Engineer Associate, Google Professional Cloud Security Engineer. - Governance and risk: CISM, CRISC. - Security: CISSP, CCSP. - DevOps: Certified Kubernetes Administrator (CKA), DevSecOps Practitioner.