Staff Cloud Security Architect (Global Security)

About The Position

Requirements

• 7+ years of demonstrated experience in Cyber Security, with 5+ years focused on cloud security architecture and engineering
• Deep hands-on expertise with Microsoft Azure security (Defender for Cloud, Entra ID, Azure Policy, Network Security Groups, Private Link, Key Vault)
• Strong experience securing Kubernetes at scale across at least two of: AKS, EKS, or OpenShift Container Platform including admission controllers, OPA/Gatekeeper/Kyverno, service mesh security, and runtime protection
• Hands-on experience with Wiz CNAPP (or equivalent CNAPP platform) in a large enterprise environment, including policy authoring, risk scoring, and integration with ticketing/remediation workflows
• Experience securing CI/CD pipelines and infrastructure-as-code GitHub Actions, terraform (including Sentinel/OPA policy), container image pipelines, artifact signing, and SBOM generation
• Demonstrated ability to work with regulatory and audit functions (OSFI, SOX, PCI-DSS, SOC 2) to map cloud security controls to comply with requirements and produce audit-ready evidence
• Demonstrated ability to operate as both a security architect and hands-on practitioner willing to roll up sleeves and write IaC, policy-as-code, automation scripts, or pipeline configurations when needed, not solely a design-and-delegate role
• Experience making architectural decisions based on simplicity, industry frameworks, scalability, and reusability
• Ability to partner effectively with key stakeholders on complex programs with excellent communication, facilitation, and presentation skills

Nice To Haves

• Experience securing cloud infrastructure for AI/ML workloads GPU-enabled VMs/node pools, high-bandwidth networking, large-scale storage, and managed AI platform services from a compute, network, and identity perspective
• Experience with GCP security (Security Command Center, Cloud Armor, VPC Service Controls, IAM, Chronicle)
• multi-cloud breadth across Azure, AWS, and GCP is an asset
• Kubernetes certifications (CKS, CKA) or Wiz certifications
• Azure security certifications (AZ-500, SC-100) or equivalent cloud certifications
• Industry certifications (CISSP, CCSP, CCSK)
• Experience with runtime security tooling (Falco, Prisma Cloud Compute, Aqua, or Wiz Runtime Sensor)
• Familiarity with software supply chain security frameworks (SLSA, NIST SSDF, Sigstore)
• Strong understanding of security technologies: CNAPP, CSPM, CWPP, CIEM, SIEM, WAF, API security, IAM, secrets management, PKI, and zero-trust networking
• Undergraduate degree in a technical field or equivalent experience

Responsibilities

• Lead the design, implementation, and maturation of Azure cloud security architecture across RBC's enterprise environment, serving as the primary security subject matter expert for Azure-native services, identity, networking, and data protection controls
• Architect and drive security strategy for multi-cloud Kubernetes platforms (AKS, EKS, and OpenShift Container Platform), including cluster hardening, admission control, runtime security, image assurance, network policy, secrets management, and workload identity
• Define and implement security controls for cloud infrastructure supporting AI/ML workloads across public and private platforms, including compute provisioning, networking, storage, identity, and platform services (Microsoft Foundry / Azure OpenAI Service, AWS Bedrock, SageMaker infrastructure)
• Lead the enterprise deployment and operationalization of Wiz CNAPP, including CSPM, CWPP, CIEM, DSPM, and container/Kubernetes security capabilities driving policy-as-code, risk prioritization, and remediation workflows at scale
• Embed security into CI/CD pipelines and software supply chain (GitHub Actions, Terraform, ArgoCD, Helm) through automated scanning, policy enforcement, IaC security validation, and shift-left developer tooling
• Architect, engineer, and deploy cloud security solutions end-to-end owing the full lifecycle from design through implementation, testing, and production delivery — and partner with DevSecOps teams for ongoing control development, automation, and operational deployment at scale
• Partner with Regulatory, Compliance, and Audit teams to ensure cloud security controls satisfy OSFI, SOX, PCI-DSS, and internal risk frameworks translating regulatory expectations into technical control implementations and evidence automation
• Conduct threat modeling, security architecture assessments, and cloud service security reviews to ensure alignment with industry best practices and RBC's risk appetite
• Build automated reporting, monitoring, and feedback mechanisms that enable development teams to identify and remediate security gaps early in the development lifecycle
• Communicate and collaborate across engineering, platform, and application teams to drive remediation of security vulnerabilities and configuration drift
• Lead, execute, and deliver on Cloud Security strategy and initiatives with measurable outcomes

Benefits

• bonuses
• flexible benefits
• competitive compensation
• commissions
• stock where applicable
• Leaders who support your development through coaching and managing opportunities
• Ability to make a difference and lasting impact
• Work in a dynamic, collaborative, progressive, and high-performing team
• A world-class training program in financial services
• Opportunities to do challenging work at the intersection of cloud, security, and AI
• Opportunities to take on progressively greater accountabilities