Responsible for acting as the first line of defense for technology risk across our SDLC and cloud environments.
The role focuses on embedding practical security and compliance controls into CI/CD pipelines, applications, and cloud infrastructure, working closely with DevOps, Platform, and Security teams to ensure adherence to internal policies and key industry standards (ISO 27001, SOC 2, NIST, CIS).
The ideal candidate brings a strong conceptual understanding of DevSecOps and cloud security, even if not hands‑on in every technology stack.
Requirements
Lead first‑line technology compliance for DevOps and cloud platforms, ensuring security and compliance considerations are built into design, development, and deployment processes.
Define and refine secure SDLC and DevSecOps practices, including integration of security checks into CI/CD pipelines and change management workflows.
Work with engineering and cloud teams to maintain secure baselines for infrastructure, IAM, network security, and data protection across at least one major cloud provider (AWS/Azure/GCP).
Review infrastructure‑as‑code, architecture proposals, and deployment patterns for alignment with security standards and internal policies.
Establish and track key compliance metrics (e.g., vulnerabilities, configuration drift, access exceptions, policy deviations) and report them to technology and risk leadership.
Coordinate and support internal and external audits (e.g., ISO 27001, SOC 2), including evidence collection, gap remediation tracking, and control owner engagement.
Own and update first‑line policies, standards, and runbooks related to secure SDLC, DevSecOps, and cloud security; drive adoption through reviews and governance forums.
Provide guidance and coaching to engineering leads on security and compliance best practices, simplifying requirements into actionable controls.
(Nice to have) Contribute to governance patterns for AI/ML services and data used in AI solutions, working with data and AI teams.
Tech Stack
AWS
Azure
Cloud
Google Cloud Platform
SDLC
Benefits
Certifications
CISSP, CISM, or CCSP
One relevant cloud security / cloud professional certification: