Cloud Security Architect (Information Security Executive Advisor)

About The Position

Requirements

• BS/BA in Information Technology or related field of study
• A minimum of 10 years’ experience in systems administration and security aspects of information systems, access management and network security technologies, network communications, computer networking, telecommunications, systems development and management, hardware, software, data, and people
• Experience with multiple technical and business disciplines required
• Any combination of education and experience, which would provide an equivalent background

Nice To Haves

• 8+ years of IT/security experience with at least 3–5 years focused on cloud security highly preferred.
• Deep hands-on experience with AWS security services (IAM, KMS, GuardDuty, Security Hub, WAF, Shield) and Azure security services (Microsoft Defender, Sentinel, Key Vault, Entra ID) highly preferred.
• Strong understanding of Cloud networking (VPCs/VNets, private endpoints, segmentation), Identity and access management principles, Encryption, key management, and secrets management highly preferred
• Experience with DevSecOps tools and CI/CD pipelines highly preferred.
• Knowledge of security frameworks (NIST, CIS Benchmarks, OWASP, Zero Trust) highly preferred.
• Relevant certifications AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate (or Architect Expert), CISSP, CCSP, or equivalent highly preferred.
• Experience with Kubernetes security (EKS/AKS), Infrastructure-as-Code (Terraform, ARM, Bicep, CloudFormation) and Cloud Security Posture Management (CSPM) tools highly preferred.
• Experience working in regulated industries (finance, healthcare, etc.) highly preferred.
• Strategic thinking and architectural design experience preferred.
• Strong communication and stakeholder engagement experience preferred.
• Problem-solving and risk management experience preferred.
• Ability to balance security with business agility preferred.

Responsibilities

• Designs and enforces secure cloud architecture patterns for AWS and Azure environments.
• Develops references architectures, guardrails, and best practices aligned with enterprise security policies.
• Evaluates and recommends cloud-native and third-party security solutions.
• Defines and drives cloud security strategy, standards, and frameworks (e.g., Zero Trust, DevSecOps).
• Ensures alignment with regulatory and compliance requirements (e.g., ISO 27001, SOC 2, NIST).
• Establishes security baselines, policies, and architectural reviews.
• Architects secure IAM strategies including least privilege, RBAC, ABAC, and federation.
• Implements identity governance across AWS and Azure (Azure AD/Entra ID, IAM roles, policies).
• Designs solutions for data encryption (at rest/in transit), key management (KMS, Azure Key Vault), and data classification.
• Ensures secure data handling across services, including storage, databases, and analytics platforms.
• Secures compute platforms (VMs, containers, serverless) using best practices and tooling.
• Implements security controls for Kubernetes (EKS/AKS), including runtime protections.
• Architects and integrates logging, monitoring, and SIEM/SOAR solutions (e.g., Sentinel, Security Hub, Defender).
• Supports incident response planning and cloud-specific threat modeling.
• Integrates security into CI/CD pipelines through automated testing, scanning, and policy enforcement.
• Guides teams on secure coding practices and infrastructure-as-code (IaC) security.
• Conducts cloud risk assessments, threat modeling, and security reviews.
• Supports audits and ensures continuous compliance posture.
• Partners with application, infrastructure, and security teams to drive secure adoption.
• Mentors engineers and influences security culture across the organization.
• Establishes architecture oversight and planning for information and network security technologies.
• Leads development of an information security risk management program that includes business, regulatory, industry practices and technical environment considerations.
• Establishes strategic vendor relationships for security products and services.
• Develops enterprise-wide security incident response plans and strategies that includes integration with business, compliance, privacy, and legal constituents and requirements.
• Provides advanced level engineering design functions.
• Provides trouble resolution and serves as point of technical escalation on complex problems.
• Creates presentations and seeks IT and business management approval and acceptance of significant replacements or reconfigurations of major security technologies serving the enterprise.
• Provides technical guidance and leadership to the technical engineers within the organization.
• Participates in the design of the enterprise architecture.
• Proposes opportunities to improve results based on targeted or continuous assessment.
• Researches relevant trends and activities in healthcare, business, competition, and regulatory environments.
• Recommends strategy adjustments.
• Participates in enterprise planning activity, including vendor assessment, technology platform selection and retirement, prioritization and integration.

Benefits

• merit increases
• paid holidays
• Paid Time Off
• incentive bonus programs
• medical
• dental
• vision
• short and long term disability benefits
• 401(k) +match
• stock purchase plan
• life insurance
• wellness programs
• financial education resources