Cencora is committed to creating healthier futures and is seeking a Senior Director of Cloud Security to lead the global strategy, architecture, engineering, and governance of cloud security. This role is responsible for securing multi-cloud environments and ensuring compliance while building partnerships across technology teams and information security organizations.
Responsibilities:
- Define and execute the enterprise cloud security strategy aligned to corporate risk appetite and regulatory requirements
- Establish cloud security reference architectures, guardrails, and design patterns
- Lead cloud security governance across AWS, Azure, GCP, and strategic SaaS providers
- Own cloud security policy framework and control standards (aligned to NIST)
- Present cloud risk posture and roadmap to executive leadership and key stakeholders
- Lead cloud security architecture for:
  - Landing zones and platform engineering
  - Identity and access management (including zero trust)
  - Network security and segmentation
  - Encryption and key management
  - Container/Kubernetes security
  - API security
  - Cloud-native application protection
- Establish secure-by-design and DevSecOps integration models in collaboration with Application Security Engineering and Secure SDLC engineers
- Drive an automation-first infrastructure-as-code and policy-as-code strategy in partnership with Platform Engineering and Application Security Engineering
- Oversee and partner with global support partners CSPM, CWPP, CNAPP, DSPM, SSPM and related platforms
- Drive critical alignment and integration with engineering and delivery leaders supporting capabilities such as CIEM, CASB, and SSE
- Partner with SOC and Cyber Defense Engineering for cloud threat detection and response integration
- Oversee cloud logging, telemetry, and SIEM/SOAR integration
- Partner with Cyber Defense Engineering on the creation, validation, and testing of cloud incident response engineering playbooks
- Partner with Risk Management and other key stakeholders to establish vulnerability management and misconfiguration remediation pipelines
- Track and reduce enterprise cloud risk metrics
- Secure multi-cloud architectures across AWS, Azure, GCP
- Ensure consistent controls across on-prem, private cloud, and SaaS ecosystems
- Support M&A integrations and divestitures with cloud security assessments and rapid control deployment
- Ensure compliance with global regulatory regimes (e.g., HIPAA, GDPR, SOX, FDA/GxP where applicable)
- Enable audit readiness and continuous control monitoring
- Partner with Legal and Privacy on data residency and cross-border cloud risks
- Build and lead a global team of cloud security architects and engineers
- Develop succession planning and technical career paths
- Establish KPIs, OKRs, and performance dashboards
- Enterprise financial management and planning experience
- Foster collaboration with platform engineering, SRE, and DevOps teams
- Follows information security trends within and outside of work with executive leadership to strategize and recommend changes and updates to company
Requirements:
- Master's Degree in Business Administration, Computer Science, Information Technology or any other related discipline or equivalent related experience
- 12+ years of directly-related or relevant experience with 8+ years in a managerial capacity, preferably in information security
- Certified Cloud Security Professional (CCSP)
- Certified Information Systems Security Professional (CISSP)
- Certification in Information Security Strategy Management (CISM)
- Microsoft Certified: Cybersecurity Architect Expert (SC-100)
- Information Technology Infrastructure Library (ITIL)
- Offensive Security Certified Professional (OSCP)
- Project Management Professional (PMP) Certification