Cloud Security Architect-Cloud & Platform Engineering
Scotiabank•Toronto, ON
•Onsite
About The Position
The Cloud Security Architect ensures continuity and maturity of Cloud Security and CNAPP architecture, including CSPM, CIEM, CWPP, and IaC controls, which are foundational to securing bank's cloud platforms. This strategic senior role owns day‑to‑day architecture decisions, platform integrations, and risk-driven design aligned with enterprise security standards.
Requirements
- Demonstrated experience in cloud security architecture across GCP, Azure, or AWS, including deep understanding of cloud platform services and enterprise-scale design patterns.
- Proven experience designing, implementing, and scaling CNAPP capabilities (such as CSPM, CWPP, CIEM, IaC scanning) in production-grade cloud environments.
- Hands-on experience integrating DevSecOps controls into CI/CD pipelines such as GHA, Jenkins, including secure infrastructure provisioning using tools such as Terraform Cloud.
- Strong understanding of cryptography, IAM, data protection and Network architecture
- Strong experience designing and implementing security controls aligned to frameworks such as NIST and CIS.
- Experience with cloud-native workload security: containers/Kubernetes (e.g., GKE,AKS,EKS) and runtime controls (CWPP-style).
- Familiarity with common security toolchain integrations (e.g., CNAPP, SSPM, SAST/DAST, logging/monitoring).
- Strong architecture communication: writing reference architectures, diagrams, and decision records; influencing stakeholders across security/engineering/risk.
- Certifications or equivalent depth (e.g., CISSP, CCSP) and comfort operating in regulated / audit-driven environments.
Nice To Haves
- Experience working in Agentic AI applications is an asset.
Responsibilities
- Lead CNAPP architecture & rollout across multi-cloud and Hybrid solutions, including integration patterns and operationalization design.
- Design multi-cloud / hybrid security solutions covering data protection, IAM, and threat management for enterprise workloads and global user base.
- Define security controls through policy as Code (e.g., OPA, CNAPP tool's OOTB policies, Cloud Fabric policies), aligned to enterprise standards and design its integrations points to ensure posture security, vulnerability management and remediation workflows are in place.
- Define and publish Security Reference Architectures and reusable patterns (secure-by-design) for engineering adoption across platforms and products.
- Partner with platform engineering / DevSecOps teams to integrate scanning and controls into CI/CD (e.g., Terraform Cloud, GitHub Actions, Azure DevOps), including risk decisions and exceptions.
- Own cloud security architecture artifacts (diagrams, deep dives, capability views) and communicate target/current state to stakeholders.
- Provide advisory and architecture reviews (TRA / governance forums), identify gaps, recommend pragmatic remediation, and align to delivery timelines.
- Support audit and compliance evidence through control documentation, traceability to NIST / CSA / CIS, and responses for internal/external reviews.
- Coordinate cloud security integrations requiring network/service-boundary controls) for vendor/tool onboarding.
- Define enterprise AI security reference architectures
Benefits
- Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
- Competitive Rewards program including bonus, flexible vacation, personal, sick days, and benefits will start on day one.
- Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
