Role: Cloud Security Governance
Key Responsibilities
Cloud Security Architecture & Engineering
- Maintain secure Azure architectures aligned with Microsoft Cloud Adoption Framework (CAF) and industry best practices.
- Lead the implementation of security controls across Azure services, including encryption, network security, identity protection, and workload hardening.
- Ensure secure configuration baselines using tools such as Azure Policy, Defender for Cloud, Blueprints/Bicep, and Landing Zones.
- Oversee secure DevOps practices including CI/CD security, secret management, and vulnerability management.
Governance, Risk & Compliance
- Develop, implement, and maintain Azure governance frameworks covering identity, cost, resource management, data protection, and compliance.
- Establish and enforce governance rules through Azure Policy, RBAC, Conditional Access, and Privileged Identity Management (PIM).
- Lead risk assessments, cloud security posture reviews, and remediation planning.
- Ensure alignment with standards such as ISO 27001, NIST, CIS Benchmarks, PCI-DSS, and regulatory requirements (e.g., GDPR).
Identity & Access Management (IAM)
- Own the Azure identity and access governance model, ensuring the principle of least privilege and role-based access.
- Oversee MFA, Conditional Access, PIM, and identity lifecycle procedures.
- Collaborate with security operations and identity teams to enhance identity resilience and threat detection.
Operational Security & Monitoring
- Drive continuous improvement of cloud security posture through monitoring, threat intelligence, and incident response readiness.
- Work with SOC teams to enhance alerting, detection, and response in Defender for Cloud and Sentinel.
- Lead security incident investigations related to Azure workloads and identities.
Strategy, Leadership & Stakeholder Engagement
- Act as the subject matter expert (SME) for Azure security and governance across the team.
- Provide guidance to engineering, operations, and project teams to embed secure-by-design principles.
- Partner with architecture, infrastructure, and compliance teams to maintain coherence of cloud strategy.
- Mentor junior staff and contribute to upskilling initiatives.
Required Skills & Experience
- 7+ years in cloud security, architecture, or governance roles, with at least 4 years hands-on in Azure.
- Deep knowledge of Azure security services including:
  - Defender for Cloud, Sentinel, Key Vault, App Gateway/WAF
  - Azure Policy, RBAC, PIM, Conditional Access
  - Azure Networking security (NSGs, ASGs, Firewall, Private Links)
- Strong understanding of Zero Trust architecture and secure-by-design methodologies.
- Practical experience building and maintaining Azure Landing Zones and governance frameworks.
- Strong understanding of regulatory and compliance frameworks (ISO 27001, CIS, NIST, GDPR).
- Demonstrable experience with Infrastructure-as-Code (Bicep, ARM, Terraform preferred).
- Excellent communication and stakeholder management skills with ability to translate complex security topics into business language.
Preferred Qualifications
- Microsoft Certified: Cybersecurity Architect Expert (SC-100)
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)
- Microsoft Certified: Identity and Access Administrator (SC-300)
- CISSP, CISM or equivalent industry certifications
- Experience leading cloud security transformations in large enterprise environments
(ref:hirist.tech)