Cloud Security & Compliance Architect

Role Summary

The Cloud Security & Compliance Architect designs and governs security and compliance across hybrid environments, including AWS, Azure, and on-premise infrastructure. This role ensures consistent security controls, regulatory compliance, and risk management across hybrid infrastructure platforms while enabling teams to move fast and safely.

Key Responsibilities

Hybrid Security Architecture

• Design end-to-end security architectures spanning AWS, Azure, and on-premise platforms.
• Define security standards for identity, networking, encryption, logging, and protection across hybrid environments.
• Ensure secure connectivity (VPN, ExpressRoute, Direct Connect) between cloud and on-prem systems.
• Review architecture and designs for security risks and compliance alignment.

Identity & Access Management

• Architect unified identity strategies (Azure AD / Entra ID, AD, IAM).
• Implement least-privilege access, RBAC, and privileged access management.
• Integrate SSO and MFA across cloud and on-prem platforms.

Compliance & Risk Management

• Translate regulatory and internal requirements (ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, NIST) into technical controls.
• Lead hybrid cloud audits, risk assessments, and evidence collection.
• Maintain control mappings across cloud and on-prem technologies.
• Partner with legal, privacy, and risk teams on compliance initiatives.

DevSecOps & Automation

• Embed security and compliance controls into CI/CD pipelines.
• Promote infrastructure-as-code (Terraform, ARM/Bicep, CloudFormation) with security guardrails.
• Automate compliance monitoring, vulnerability management, and remediation.
• Integrate security tooling across cloud and on-prem platforms.

Security Operations & Monitoring

• Define centralized logging, monitoring, and alerting across hybrid environments.
• Integrate SIEM/SOAR solutions for cloud and on-prem visibility.
• Support incident response, investigations, and root-cause analysis.
• Improve detection and response capabilities across platforms.

Governance & Advisory

• Establish hybrid cloud security governance, policies, and standards.
• Act as a trusted advisor to engineering, infrastructure, and leadership teams.
• Evaluate and recommend cloud and hybrid security tools and vendors.
• Drive security awareness and best practices across teams.

Required Qualifications

• 8+ years of experience in security architecture, cloud security, or compliance.
• Hands-on experience securing AWS, Azure, and on-prem infrastructure.
• Strong knowledge of networking, IAM, encryption, and endpoint security.
• Experience with compliance frameworks and audits (ISO 27001, SOC 2, PCI DSS, HIPAA, NIST).
• Experience with hybrid identity (AD, Entra ID), networking, and connectivity.
• Strong documentation and stakeholder communication skills.

Preferred Qualifications

• Certifications: CISSP, CCSP, AWS Security Specialty, Azure Security Engineer.
• Experience with CSPM, SIEM, EDR, and vulnerability management tools.
• Knowledge of zero-trust and defense-in-depth architecture.
• Experience in highly regulated or enterprise environments.

Equal Opportunity Employer Statement

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.

Key skills/competency

Cloud Security, Compliance, Hybrid Cloud, AWS, Azure, On-premise Infrastructure, Identity and Access Management, DevSecOps, Risk Management, Security Architecture