Mashreq - Cloud Security Architect - Threat Modeling

Description :

We are seeking a highly skilled and experienced Cloud Security Architect who will also primarily contribute in Cloud Security Governance initiatives.

The ideal candidate will possess a strong blend of technical expertise, strategic thinking, and leadership capabilities to design, implement, and govern secure cloud environments aligned with organizational objectives .

As a key member of the second line of defense (LOD-2), This person will ensure robust cloud security policies, frameworks, and best practices are implemented across the organization.

This person will collaborate with cross-functional teams, including Technology, compliance, risk management, and business units, to drive security governance while aligning with regulatory and business requirements.

Key Responsibilities :

- Design and implement secure cloud architectures across multi-cloud environments (e.g., AWS, Azure, GCP).

- Assess and integrate cloud-native security controls and technologies, ensuring optimal protection for critical assets.

- Provide expert guidance on secure application and infrastructure development in the cloud.

- Conduct cloud threat modeling, risk assessments, and vulnerability assessments to identify and mitigate risks.

- Collaborate with DevOps teams to ensure secure CI/CD pipelines and promote secure coding practices.

- Develop and maintain cloud security policies, standards, and frameworks aligned with industry standards (e.g, ISO 27001, NIST, CSA CCM).

- Establish governance processes to monitor and enforce compliance with cloud security policies.

- Evaluate and implement cloud compliance automation tools to ensure adherence to regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS).

- Conduct regular cloud security audits and assessments to identify gaps and drive continuous improvement.

- Act as the primary liaison for cloud security governance with internal and external stakeholders.

- Define the strategic roadmap for cloud security and governance, aligning with organizational goals.

- Lead cross-functional teams to build a security-first culture within the cloud ecosystem.

- Stay updated with emerging cloud security trends, threats, and technologies, recommending proactive measures.

Qualifications :

- Bachelors or masters degree in computer science, Information Security, Cybersecurity, or a related discipline.

- 8-10 years of hands-on experience in IT and cybersecurity, with at least 5+ years in cloud security architecture and governance.

Experience, skills and Certifications :

- Total experience in Cybersecurity 8-10 years.

- Experience in cloud security 4-6 Years.

- Experience in the banking or financial services industry.

- Experience implementing security governance frameworks and managing cloud compliance programs.

- Proven experience in leading and influencing diverse technical and non-technical teams.

- Proven experience in DevSecOps, automation, and continuous integration/deployment (CI/CD) security practices.

- Strong experience with programming/scripting languages (e.g., Python, Terraform, ARM) for automation and security integration.

- Knowledge of container security and orchestration (e.g, Docker, Kubernetes).

- Proficiency in Information security concepts.

Skills :

- Strong understanding of cloud security tools CNAPP, SSPM, KSPM, SASE).

- Hands-on experience with infrastructure-as-code (IaC) tools (e., Terraform, CloudFormation) and security of IaaC.

- In-depth knowledge of industry standards and regulations (PCI-DSS, ISO 27001, NIST, CSA, GDPR, HIPAA, etc.

- Strong understanding of risk management and mitigation strategies for cloud environments.

- Strong problem-solving and analytical skills in cloud environment.

- Excellent communication skills for interacting with development and operations teams and presenting findings to senior management.

- Familiarity with security-focused DevOps tools (e., Jenkins, GitLab CI, Docker, Kubernetes).

- Ability to align security initiatives with business objectives and articulate ROI of security investments