Lead Architect

Kyndryl
Toronto, ON
Hybrid

About The Position

Kyndryl is seeking a passionate and driven IT/Cloud Consultant to join our team and break out of the hierarchy to rewrite the rules for what comes next. This role offers a ground-floor opportunity with a brand-new platform with unstoppable growth potential.

The Lead Architect will own the target architecture for the enterprise Policy-as-Code platform, including OPA Control Plane (OCP) / Enterprise OPA (EOPA) policy lifecycle management, versioning, distribution, and auditability, as well as CI/CD and Terraform Cloud Run Task integrations. They will define and govern architecture standards, patterns, and principles for Policy-as-Code on Google Cloud Platform, lead architectural decision-making, and maintain Architecture Decision Records (ADRs) with full traceability. Ensuring designs are scalable, modular, cloud-agnostic, and aligned with enterprise governance constraints is crucial. The role also involves designing and implementing the Policy-as-Code governance model, including policy ownership, domain boundaries, contribution workflows, enforcement modes, and promotion lifecycles, ensuring alignment with financial services regulatory requirements and internal controls. Support for architecture and security governance forums is also expected.

The Lead Architect will architect a modular Policy-as-Code framework, define policy authoring, testing, enforcement, and release pipelines, and architect CI/CD and automation patterns using GitHub Actions. Integration approaches for Terraform Cloud, Kubernetes admission control, centralized decision logging, and external enterprise systems will be defined. Migration strategies for legacy policies and controlled rollouts will be overseen. The role requires providing technical leadership to platform engineers, policy engineers, and DevSecOps specialists, acting as the primary technical escalation point, translating business and compliance requirements into technical designs, and fostering collaboration between teams.

As an IT/Cloud Consultant, the individual will join the Kyndryl Consultant Profession, with opportunities for learning, training, and career growth.

Requirements

  • 5+ years of experience with Open Policy Agent (OPA) and Rego
  • Hands-on knowledge of Enterprise OPA (EOPA) capabilities (impact analysis, decision logging, bundle lifecycle)
  • 5+ years of experience with Terraform and Terraform Cloud
  • Terraform Cloud Run Tasks (design, enforcement, governance)
  • 5+ years of experience with GitHub Actions (advanced workflows, reusable workflows, automation patterns)
  • Pipeline-integrated validation and policy enforcement
  • 5+ years of experience with GCP in regulated environments
  • Kubernetes policy enforcement (OPA Gatekeeper)
  • 5+ years of experience with policy decision logging, ingestion, analytics, and reporting
  • 5+ years of experience designing immutable, auditor-friendly evidence pipelines
  • Proven experience leading enterprise architecture designs in regulated industries
  • Strong understanding of governance models
  • Strong understanding of segregation of duties
  • Strong understanding of audit and compliance requirements
  • Experience producing architecture artefacts: C4 diagrams, data flows, process flows
  • Experience producing architecture artefacts: ADRs and architecture review submissions
  • Experience delivering cloud platforms for financial services or regulated enterprises
  • Familiarity with banking security posture expectations
  • Familiarity with compliance-driven SDLC controls
  • Familiarity with risk and control validation processes
  • Strong technical leadership and mentoring capabilities
  • Ability to influence without authority across multiple stakeholder groups
  • Excellent written and verbal communication skills
  • Comfortable engaging architecture boards, security teams, and executive stakeholders

Nice To Haves

  • Terratest and infrastructure-level policy validation
  • Release automation and promotion pipelines
  • Decision replay and regression analysis
  • Background in DevSecOps or platform engineering at scale
  • Experience designing policy frameworks used by multiple lines of business

Responsibilities

  • Own the target architecture for the enterprise Policy-as-Code platform, including OPA Control Plane (OCP) / Enterprise OPA (EOPA) policy lifecycle management, versioning, distribution, and auditability.
  • Define and govern architecture standards, patterns, and principles for PaC on Google Cloud Platform.
  • Lead architectural decision-making and maintain Architecture Decision Records (ADRs) with full traceability.
  • Ensure designs are scalable, modular, cloud-agnostic, and aligned with enterprise governance constraints.
  • Design and implement the PaC governance model, including policy ownership and domain boundaries, contribution, review, approval, and escalation workflows, enforcement modes, and promotion lifecycle.
  • Ensure alignment with financial services regulatory requirements and internal controls (e.g., auditability, traceability, segregation of duties).
  • Support architecture and security governance forums (eARB, Security Advisory, TRA), including preparation of required artefacts.
  • Architect a modular PaC framework, including reusable Rego libraries and shared data contracts, cloud abstraction layers, and standardized repository and bundle structures.
  • Define policy authoring, testing, enforcement, and release pipelines, including Rego unit and regression testing, CI/CD-integrated validation and enforcement, and impact analysis.
  • Ensure policy enforcement is deterministic, auditable, and production-faithful.
  • Architect CI/CD and automation patterns using GitHub Actions, including reusable workflows and onboarding automation.
  • Define integration approaches for Terraform Cloud, Kubernetes admission control (OPA Gatekeeper), centralized decision logging and observability, and external enterprise systems.
  • Ensure strong separation between policy logic and enterprise system integrations.
  • Define migration strategies to transition legacy Terraform Cloud / OPA policies into the new PaC framework with functional equivalence.
  • Oversee controlled rollouts and enforcement promotion strategies to minimize operational risk.
  • Lead knowledge transfer, documentation strategy, and operational readiness to enable client teams to independently operate the platform.
  • Provide technical leadership to platform engineers, policy engineers, and DevSecOps specialists.
  • Act as the primary technical escalation point for complex design or enforcement issues.
  • Translate business and compliance requirements into clear, actionable technical designs.
  • Foster strong collaboration between architecture, security, platform, and delivery teams.

Benefits

  • Flexible, supportive environment where your well-being is prioritized
  • Investment in your learning, training, and career growth
  • Dynamic, hybrid-friendly culture
  • Be Well programs designed to support your financial, mental, physical, and social health
  • Access to cutting-edge learning opportunities—from certifications with Microsoft, Google, and Amazon to coaching and hands-on experiences