Staff Cloud Security Architect (Global Security)

Royal Bank of CanadaCalgary, AB
Onsite

About The Position

The Staff, Cloud Security Architect will lead the design, engineering, and delivery of cloud security solutions across RBC's enterprise environment with primary focus on Azure, multi-cloud Kubernetes (AKS, EKS, OpenShift), and AI infrastructure platforms. This role owns end-to-end security architecture and hands-on implementation, drives enterprise-scale operationalization of Wiz CNAPP, embeds security into CI/CD pipelines and infrastructure-as-code, and partners with Regulatory, Compliance, and Audit functions to ensure controls meet OSFI and industry standards. The ideal candidate combines deep technical expertise with a delivery mindset equally comfortable whiteboarding architecture and writing the Terraform to implement it and thrives in a fast-paced environment securing cloud platforms at scale.

Requirements

  • 7+ years of demonstrated experience in Cyber Security, with 5+ years focused on cloud security architecture and engineering
  • Deep hands-on expertise with Microsoft Azure security (Defender for Cloud, Entra ID, Azure Policy, Network Security Groups, Private Link, Key Vault)
  • Strong experience securing Kubernetes at scale across at least two of: AKS, EKS, or OpenShift Container Platform including admission controllers, OPA/Gatekeeper/Kyverno, service mesh security, and runtime protection
  • Hands-on experience with Wiz CNAPP (or equivalent CNAPP platform) in a large enterprise environment, including policy authoring, risk scoring, and integration with ticketing/remediation workflows
  • Experience securing CI/CD pipelines and infrastructure-as-code GitHub Actions, terraform (including Sentinel/OPA policy), container image pipelines, artifact signing, and SBOM generation
  • Demonstrated ability to work with regulatory and audit functions (OSFI, SOX, PCI-DSS, SOC 2) to map cloud security controls to comply with requirements and produce audit-ready evidence
  • Demonstrated ability to operate as both a security architect and hands-on practitioner willing to roll up sleeves and write IaC, policy-as-code, automation scripts, or pipeline configurations when needed, not solely a design-and-delegate role
  • Experience making architectural decisions based on simplicity, industry frameworks, scalability, and reusability
  • Ability to partner effectively with key stakeholders on complex programs with excellent communication, facilitation, and presentation skills

Nice To Haves

  • Experience securing cloud infrastructure for AI/ML workloads GPU-enabled VMs/node pools, high-bandwidth networking, large-scale storage, and managed AI platform services from a compute, network, and identity perspective
  • Experience with GCP security (Security Command Center, Cloud Armor, VPC Service Controls, IAM, Chronicle) multi-cloud breadth across Azure, AWS, and GCP is an asset
  • Kubernetes certifications (CKS, CKA) or Wiz certifications
  • Azure security certifications (AZ-500, SC-100) or equivalent cloud certifications
  • Industry certifications (CISSP, CCSP, CCSK)
  • Experience with runtime security tooling (Falco, Prisma Cloud Compute, Aqua, or Wiz Runtime Sensor)
  • Familiarity with software supply chain security frameworks (SLSA, NIST SSDF, Sigstore)
  • Strong understanding of security technologies: CNAPP, CSPM, CWPP, CIEM, SIEM, WAF, API security, IAM, secrets management, PKI, and zero-trust networking
  • Undergraduate degree in a technical field or equivalent experience

Responsibilities

  • Lead the design, implementation, and maturation of Azure cloud security architecture across RBC's enterprise environment, serving as the primary security subject matter expert for Azure-native services, identity, networking, and data protection controls
  • Architect and drive security strategy for multi-cloud Kubernetes platforms (AKS, EKS, and OpenShift Container Platform), including cluster hardening, admission control, runtime security, image assurance, network policy, secrets management, and workload identity
  • Define and implement security controls for cloud infrastructure supporting AI/ML workloads across public and private platforms, including compute provisioning, networking, storage, identity, and platform services (Microsoft Foundry / Azure OpenAI Service, AWS Bedrock, SageMaker infrastructure)
  • Lead the enterprise deployment and operationalization of Wiz CNAPP, including CSPM, CWPP, CIEM, DSPM, and container/Kubernetes security capabilities driving policy-as-code, risk prioritization, and remediation workflows at scale
  • Embed security into CI/CD pipelines and software supply chain (GitHub Actions, Terraform, ArgoCD, Helm) through automated scanning, policy enforcement, IaC security validation, and shift-left developer tooling
  • Architect, engineer, and deploy cloud security solutions end-to-end owing the full lifecycle from design through implementation, testing, and production delivery — and partner with DevSecOps teams for ongoing control development, automation, and operational deployment at scale
  • Partner with Regulatory, Compliance, and Audit teams to ensure cloud security controls satisfy OSFI, SOX, PCI-DSS, and internal risk frameworks translating regulatory expectations into technical control implementations and evidence automation
  • Conduct threat modeling, security architecture assessments, and cloud service security reviews to ensure alignment with industry best practices and RBC's risk appetite
  • Build automated reporting, monitoring, and feedback mechanisms that enable development teams to identify and remediate security gaps early in the development lifecycle
  • Communicate and collaborate across engineering, platform, and application teams to drive remediation of security vulnerabilities and configuration drift
  • Lead, execute, and deliver on Cloud Security strategy and initiatives with measurable outcomes

Benefits

  • bonuses
  • flexible benefits
  • competitive compensation
  • commissions
  • stock where applicable
  • world-class training program in financial services
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service