Location - In office - Hybrid 2 days, no specific days | Scarborough, ON & Toronto, ON (contractor can choose)
Duration: 5 months | Possibility for extension
Responsibilities
The Senior Lead, Cloud provides expert guidance to business lines to ensure the secure design, development, and implementation of complex cloud projects and initiatives. This role ensures alignment with the Bank’s Information Security Standards and compliance with industry regulations. In this senior advisory capacity, you will support multiple business lines, helping them make informed decisions to protect information assets deployed in Public Cloud environments.
• Advising on secure cloud architecture and design for high profile initiatives.
• Ensuring cloud solutions comply with enterprise security standards and regulatory requirements.
• Guiding business lines through risk identification, mitigation strategies, and secure implementation practices.
• Supporting decision making related to the protection of information assets in GCP, Azure, and other cloud environments.
• Design and implement security controls for cloud-based applications and infrastructure.
• Develop and enforce cloud security patterns, policies, standards, and procedures.
• Conduct comprehensive Threat Risk Assessments (TRAs) on large, high profile GCP and Azure initiatives.
• Evaluate existing security solutions and recommend enhancements or new architectures
• Identify vulnerabilities, weaknesses, and gaps in cloud environments and propose remediation strategies.
• Provide advisory support on applying the bank’s security standards to cloud technologies.
• Oversee the security posture of assigned lines of business, ensuring appropriate tools and controls are applied.
• Support risk management activities and respond to compliance assessments and third-party audits.
• Work directly with technical leads to support cloud initiatives from an Information Security perspective.
Must Have Skills
• 10+ years of hands-on technical experience performing security assessments on cloud platforms, CI/CD pipelines, network infrastructure, and complex applications, including risk assessments for cloud-migrated workloads.
• 6 + years of experience in security solution architecture, software development, or hands-on implementation of cloud environments, security controls, and cloud-based solutions.
• Strong knowledge of cloud technologies and cloud security across GCP, Azure, or AWS, including Kubernetes, IAM, CI/CD pipelines, Terraform, and infrastructure as code.
• Familiarity with industry standards and frameworks such as NIST 800 53, ISO 27001/27002/27017/27018, PCI DSS, and CIS benchmarks.
Nice to Have Skills
• Experience with GCP and Kubernetes (strong asset).
• Experience supporting compliance assessments, audits, and cloud governance processes.
Education & Certificates
• Cloud security or cloud architecture certifications (Google, Microsoft, AWS).
• Additional security certifications (CISSP, CISM, CCSP, CRISC) considered an asset.
