Cloud Security Architect; Global Security

Position: Staff Cloud Security Architect (Global Security)
## Staff Cloud Security Architect (Global Security)
Apply locations:
TORONTO, Ontario, Canada:
CALGARY, Alberta, Canada:
VANCOUVER, British Columbia, Canada time type:
Full time posted on:
Posted 6 Days Agotime left to apply:
End Date:
July 6, 2026 (14 days left to apply) job requisition :
R
- ** Job Description
**** What is the Opportunity?
** The Staff, Cloud Security Architect will lead the design, engineering, and delivery of cloud security solutions across RBC's enterprise environment with primary focus on Azure, multi-cloud Kubernetes (AKS, EKS, Open Shift), and AI infrastructure platforms. This role owns end-to-end security architecture and hands-on implementation, drives enterprise-scale operationalization of Wiz CNAPP, embeds security into CI/CD pipelines and infrastructure-as-code, and partners with Regulatory, Compliance, and Audit functions to ensure controls meet OSFI and industry standards.

The ideal candidate combines deep technical expertise with a delivery mindset  equally comfortable whiteboarding architecture and writing the Terraform to implement it  and thrives in a fast-paced environment securing cloud platforms at scale.
** What Will You Do?
*** Lead the design, implementation, and maturation of Azure cloud security architecture across RBC's enterprise environment, serving as the primary security subject matter expert for Azure-native services, identity, networking, and data protection controls
* Architect and drive security strategy for multi-cloud Kubernetes platforms (AKS, EKS, and Open Shift Container Platform), including cluster hardening, admission control, runtime security, image assurance, network policy, secrets management, and workload identity
* Define and implement security controls for cloud infrastructure supporting AI/ML workloads across public and private platforms, including compute provisioning, networking, storage, identity, and platform services (Microsoft Foundry / Azure OpenAI Service, AWS Bedrock, Sage Maker infrastructure)
* Lead the enterprise deployment and operationalization of Wiz CNAPP, including CSPM, CWPP, CIEM, DSPM, and container/Kubernetes security capabilities driving policy-as-code, risk prioritization, and remediation workflows at scale
* Embed security into CI/CD pipelines and software supply chain (Git Hub Actions, Terraform, ArgoCD, Helm) through automated scanning, policy enforcement, IaC security validation, and shift-left developer tooling
* Architect, engineer, and deploy cloud security solutions end-to-end owing the full lifecycle from design through implementation, testing, and production delivery — and partner with Dev Sec Ops  teams for ongoing control development, automation, and operational deployment at scale
* Partner with Regulatory, Compliance, and Audit teams to ensure cloud security controls satisfy OSFI, SOX, PCI-DSS, and internal risk frameworks translating regulatory expectations into technical control implementations and evidence automation
* Conduct threat modeling, security architecture assessments, and cloud service security reviews to ensure alignment with industry best practices and RBC's risk appetite
* Build automated reporting, monitoring, and feedback mechanisms that enable development teams to identify and remediate security gaps early in the development lifecycle
* Communicate and collaborate across engineering, platform, and application teams to drive remediation of security vulnerabilities and configuration drift
* Lead, execute, and deliver on Cloud Security strategy and initiatives with measurable outcomes
** What Do You Need to Succeed?  Must Have:
*** 7+ years of demonstrated experience in Cyber Security, with 5+ years focused on cloud security architecture and engineering
* Deep hands-on expertise with Microsoft Azure security (Defender for Cloud, Entra , Azure Policy, Network Security Groups, Private Link, Key Vault)
* Strong experience securing Kubernetes at scale across at least two of: AKS, EKS, or Open Shift Container Platform including admission controllers, OPA/Gatekeeper/Kyverno, service mesh security, and runtime protection
* Hands-on experience with Wiz CNAPP (or equivalent CNAPP platform) in a large enterprise environment, including policy authoring, risk scoring, and integration with ticketing/remediation workflows
* Experience securing CI/CD pipelines and infrastructure-as-code Git Hub Actions, terraform (including Sentinel/OPA policy), container image pipelines, artifact signing, and SBOM generation
* Demonstrated ability to work with regulatory and audit functions (OSFI, SOX, PCI-DSS, SOC
2) to map cloud security controls to comply with requirements and produce audit-ready evidence
* Demonstrated ability to operate as both a security architect and hands-on practitioner willing to roll up sleeves and write IaC, policy-as-code, automation scripts, or pipeline configurations when needed, not solely a design-and-delegate role
* Experience making architectural decisions based on simplicity, industry frameworks, scalability, and…