Director, Cloud Security Architecture & Engineering

Time Type

Full time

Remote Type

Job Family Group

Information Technology

Job Description Summary

Job Description

Job Overview

We are seeking an experienced Director, Cloud Security Architecture and Engineering to serve as a hands‑on leader, providing both strategic direction and active technical contribution.

This role will lead and work alongside a cloud security architecture and engineering team, directly designing, implementing, and evolving a multi‑cloud, hybrid security architecture across AWS, Azure, multiple SaaS providers, and operational technology environments.

This role follows a flexible hybrid schedule, with two days per week in the office and three days working from home. This role can be performed from any Breakthru Beverage Office Location.

Job Responsibilities

Cloud Security Architecture and Engineering

• Own and evolve the enterprise cloud security architecture across AWS, SaaS platforms, hybrid infrastructure, applications, networking, and operational technologies, ensuring alignment with business strategy and risk tolerance.

• Define and implement AWS‑native security architectures including identity, encryption, network segmentation, logging, detection, and governance capabilities, to enable secure and scalable cloud adoption.

• Support the re‑architecture and migration of Azure workloads to AWS, ensuring security‑by‑design principles are embedded throughout the migration lifecycle.

• Design, implement and enforce Zero Trust security models to ensure protection of cloud and hybrid environments.

Integration & Engineering Collaboration

• Integrate AWS with enterprise security platforms such as Zscaler, Splunk, and Beyond Trust to enable centralized visibility, control and response.

• Collaborate with Dev Ops and cloud infrastructure teams to embed security into Dev Ops pipelines, leveraging automation for vulnerability management, code scanning, configuration validation and continuous compliance.

• Support the establishment and oversee cloud identity and access management (IAM) strategies, including federation, least privilege, just in time access, identity governance, and Zero Trust principles. Integrate with multiple IdPs including Entra  SAP IAS.

Governance, Risk and Compliance (GRC)

• Establish tailored governance, risk, and compliance (GRC) frameworks for cloud adoption, including policy‑as‑code and automated compliance monitoring aligned to industry standards and regulatory requirements.

• Develop templates, accelerators, and reusable security artifacts that improve delivery speed, consistency, and compliance across cloud initiatives for BBG.

• Monitor emerging cloud services, regulatory changes, and threat trends to proactively assess risk and advise leadership on security posture and mitigation strategies.

Leadership, Delivery & Response

• Lead and develop cloud security architecture and engineering teams, setting technical direction, delivery priorities, and performance expectations.

• Provide architectural oversight and subject matter expertise for enterprise and cross‑functional initiatives, ensuring security outcomes are consistently achieved.

• Own and evolve the cloud security tools, platforms, and services portfolio to maximize effectiveness and return on investment.

• Oversee cloud incident response and forensics capabilities, leveraging native cloud telemetry and SIEM integrations to enable rapid detection, investigation, and recovery.

• Deliver thought leadership through executive briefings, architecture reviews, and security workshops, influencing stakeholders and driving secure cloud transformation.

Other duties, as assigned by the jobholder’s supervisor, may also be required.

Minimum Qualifications

• Bachelor's degree in computer science, information systems, or information technology, or equivalent work experience.

• Minimum 12 years of IT Security experience, with 5 years focused on AWS architecture

• AWS Solutions Architect – Associate Certification

• AWS Security Specialty

• CISSP Certification

• Deep expertise in AWS‑native and third‑party security tools

• Strong understanding of cloud governance, infrastructure as code (IaC), encryption, networking, and identity management.

• Strone…