Cybersecurity Architect - Cloud

Key Responsibilities

- Provide overall technical direction for cybersecurity strategy and architecture across a hybrid on-premise and cloud landscape.
- Design and maintain the Group’s cloud security reference architecture for AWS and hybrid environments, including landing zones, network security, identity, data protection, and workload security.
- Define cloud security standards, guardrails, and policies aligned with frameworks such as NIST CSF, CIS Benchmarks, ISO 27001, and CSA Cloud Controls Matrix; ensure these are adopted across all cloud deployments.
- Architect identity and access management (IAM) solutions for hybrid environments, including Entra ID, conditional access, privileged identity management (PIM), and zero-trust architecture principles.
- Lead cloud security posture management (CSPM) strategy using tools such as Microsoft Defender for Cloud, AWS Security Hub, or third-party CSPM platforms; drive continuous compliance monitoring and remediation.
- Design secure network architectures for cloud environments, including micro-segmentation, WAF, DDoS protection, private endpoints, service endpoints, and hybrid connectivity security (ExpressRoute / Direct Connect / VPN).
- Provide security architecture guidance for SAP RISE / S/4HANA cloud migration, M365 tenant hardening, and cloud-native application development (containers, serverless, API security).
- Develop an AI agentic-first security review and vulnerability management pipeline to strengthen security posture while enabling automation.
- Define and operationalise cloud security monitoring, detection, and response capabilities, integrating cloud logs and alerts into the Group’s SIEM/SOAR platform.
- Collaborate with Infrastructure/Network Operations on secure cloud landing zone deployment, Infrastructure as Code (IaC) security (Terraform, ARM), and DevSecOps pipeline integration (SAST, DAST, SCA).
- Provide technical leadership on cloud data protection, including encryption at rest and in transit, key management (AWS KMS), DLP policies, and data classification enforcement.
- Stay current with emerging cloud threats, vulnerabilities, and attack techniques; advise leadership on evolving risk posture and recommend mitigation strategies.

Qualifications & Requirements

- Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or a related field; Master’s degree is an advantage.
- Minimum 8–12 years of experience in cybersecurity, with at least 4 years focused on cloud security architecture across AWS or multi-cloud environments.
- Deep hands-on expertise in AWS security services.
- Strong knowledge of zero-trust architecture, identity-centric security models, PAM/PIM, and modern authentication protocols (OAuth 2.0, SAML, OpenID Connect).
- Practical experience with cloud-native security tooling, including CSPM, CWPP, CNAPP, CASB, and cloud DLP solutions.
- Familiarity with securing SAP cloud environments (SAP RISE, BTP) and M365 security & compliance features (Purview, Defender for Office 365).
- Strong understanding of IaC security (Terraform, CloudFormation), container security (Kubernetes, Docker), and DevSecOps practices.

Preferred Qualifications

- CISSP, CCSP, CCAK, or SABSA certification; AWS Certified Security – Specialty.
- Experience with regulatory compliance in multi-jurisdiction environments (PDPA, GDPR, SOX, industry-specific regulations).
- Background in securing OT/IT convergence environments or multi-industry conglomerates (manufacturing, plantations, FMCG, oil & gas).
- Experience with SIEM/SOAR platforms and threat intelligence integration.