Cloud Security Architect; Global Security
Job in
Toronto, Ontario, M5A, Canada
Listing for:
0000050007 Royal Bank of Canada
Full Time
position
Listed on 2026-07-14
Job specializations:
-
IT/Tech
Cybersecurity, Cloud Computing: Infrastructure & Operations, Systems Engineer
Job Description & How to Apply Below
Position: Cloud Security Architect (Global Security)
Job Description
What is the Opportunity?The Cloud Security Architect will lead the design, engineering, and delivery of cloud security solutions across RBC's enterprise environment with primary focus on Azure, multi-cloud Kubernetes (AKS, EKS, Open Shift), and AI infrastructure platforms. This role owns end-to-end security architecture and hands-on implementation, drives enterprise-scale operationalization of Wiz CNAPP, embeds security into CI/CD pipelines and infrastructure-as-code, and partners with Regulatory, Compliance, and Audit functions to ensure controls meet OSFI and industry standards.
The ideal candidate combines deep technical expertise with a delivery mindset equally comfortable whiteboarding architecture and writing the Terraform to implement it and thrives in a
fast-paced environment securing cloud platforms at scale.
What Will You Do?Lead the design, implementation, and maturation of Azure cloud security architecture across RBC's enterprise environment, serving as the primary security subject matter expert for Azure-native services, identity, networking, and data protection controlsArchitect and drive security strategy for multi-cloud Kubernetes platforms (AKS, EKS, and Open Shift Container Platform), including cluster hardening, admission control, runtime security, image assurance, network policy, secrets management, and workload identityDefine and implement security controls for cloud infrastructure supporting AI/ML workloads across public and private platforms, including compute provisioning, networking, storage, identity, and platform services (Microsoft Foundry / Azure OpenAI Service, AWS Bedrock, Sage Maker infrastructure)Lead the enterprise deployment and operationalization of Wiz CNAPP, including CSPM, CWPP, CIEM, DSPM, and container/Kubernetes security capabilities driving policy-as-code, risk prioritization, and remediation workflows at scaleEmbed security into CI/CD pipelines and software supply chain (Git Hub Actions, Terraform, ArgoCD, Helm) through automated scanning, policy enforcement, IaC security validation, and shift-left developer toolingArchitect, engineer, and deploy cloud security solutions end-to-end owing the full lifecycle from design through implementation, testing, and production delivery — and partner with Dev Sec Ops teams for ongoing control development, automation, and operational deployment at scalePartner with Regulatory, Compliance, and Audit teams to ensure cloud security controls satisfy OSFI, SOX, PCI-DSS, and internal risk frameworks translating regulatory expectations into technical control implementations and evidence automationConduct threat modeling, security architecture assessments, and cloud service security reviews to ensure alignment with industry best practices and RBC's risk appetiteBuild automated reporting, monitoring, and feedback mechanisms that enable development teams to identify and remediate security gaps early in the development lifecycleCommunicate and collaborate across engineering, platform, and application teams to drive remediation of security vulnerabilities and configuration driftLead, execute, and deliver on Cloud Security strategy and initiatives with measurable outcomesWhat Do You Need to Succeed?
Must Have:7+ years of demonstrated experience in Cyber Security, with 5+ years focused on cloud security architecture and engineeringDeep hands-on expertise with Microsoft Azure security (Defender for Cloud, Entra , Azure Policy, Network Security Groups, Private Link, Key Vault)Strong experience securing Kubernetes at scale across at least two of: AKS, EKS, or Open Shift Container Platform including admission controllers, OPA/Gatekeeper/Kyverno, service mesh security, and runtime protectionHands-on experience with Wiz CNAPP (or equivalent CNAPP platform) in a large enterprise environment, including policy authoring, risk scoring, and integration with ticketing/remediation workflowsExperience securing CI/CD pipelines and infrastructure-as-code Git Hub Actions, terraform (including Sentinel/OPA policy), container image pipelines, artifact signing, and SBOM generationDemonstrated ability to work with regulatory and audit functions (OSFI, SOX, PCI-DSS, SOC
2) to map cloud security controls to comply with requirements and produce audit-ready evidenceDemonstrated ability to operate as both a security architect and hands-on practitioner willing to roll up sleeves and write IaC, policy-as-code, automation scripts, or pipeline configurations when needed, not solely a design-and-delegate roleExperience making architectural decisions based on simplicity, industry frameworks, scalability, and reusabilityAbility to partner effectively with key stakeholders on complex programs with excellent communication, facilitation, and presentation skillsNice-to-Have:Experience securing cloud infrastructure for AI/ML workloads GPU-enabled VMs/node pools, high-bandwidth networking, large-scale storage, and managed AI platform services from a compute,…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here: